Edition Bleeping computer reports that Sodinokibi ransomware operators (REvil) are coming up with new extortion tactics.
Since the malware runs on the RaaS (Ransomware-as-a-Service, Extortion-as-a-Service) model, developers urge affiliates to copy their victims' data before encryption so that this information can then be used as a lever of pressure on affected companies .
In particular, if the company does not pay the ransom, the data may be published on the website of the attackers, which should be launched soon. We already wrote that the operators of many ransomware have recently not only encrypted, but also steal company data in order to threaten their publication in the public domain. For example, developers of the Malware Maze and DoppelPaymer have already launched their own websites for this.
However, the developers of Sodinokibi do not intend to limit themselves to this. In particular, in a new message, Malvari operators write that they are considering the possibility of creating a system that will automatically send emails to stock exchanges such as NASDAQ. It is planned to inform the exchanges about attacks on specific companies (which refuse to pay the buyback), which, of course, will negatively affect the value of the shares of the latter.
Bleeping Computer recalls that today, any ransomware attack should be seen as data leakage. And companies are strongly discouraged from hiding information about such incidents, as this may result in fines by government agencies, as well as lawsuits by injured employees and users whose data has been compromised.