{
	"id": "9b77125b-c515-4055-a0d3-66d51bace9c7",
	"created_at": "2026-04-06T00:08:38.092881Z",
	"updated_at": "2026-04-10T03:21:37.19937Z",
	"deleted_at": null,
	"sha1_hash": "3f9604cfe3503f210dab9196522ef07b34557cb3",
	"title": "Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42988,
	"plain_text": "Sodinokibi/REvil ransomware gang pwns British housing biz via\r\nsuspected phishing attack\r\nBy Gareth Corfield\r\nPublished: 2020-11-06 · Archived: 2026-04-05 20:26:40 UTC\r\nA social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following\r\nwhat it assumes was a successful phishing attack.\r\nFlagship Group revealed last night that its systems were compromised by a \"cyberattack\" on Sunday, 1 November.\r\n\"Whilst the investigation is still going on we can confirm that the incident was caused by ransomware, known as\r\nSodinokibi, via a suspected phishing attack,\" said Flagship in a statement on its partially pwned website.\r\nAn FAQ document [PDF] published by Flagship explained that an on-premises data centre was infected by the\r\nransomware, \"compromising some personal staff and customer data.\"\r\nThe attack is said to have been halted in its tracks, with the usual nameless \"leading, independent cybersecurity\r\nfirm\" along with police and the National Cyber Security Centre all gazing into the breach together.\r\n\"As we have not engaged with the criminals we are not aware of a ransom demand,\" Rick Liddiment, Flagship\r\nGroup's head of communications, told The Register.\r\nThe Information Commissioner's Office has been notified.\r\nThreat analyst Brett Callow of ransomware recovery firm Emsisoft told The Register that not paying the\r\nSodinokibi/REvil gang's ransom demands is the best bet.\r\n\"REvil is one of the multiple outfits which pilfers data and then solemnly swears it'll be deleted if the victim pays\r\nup ('Of course we'll delete it, Guv. You can trust us.'),\" he said. \"However, to the surprise of absolutely nobody, it\r\nturns out the criminals can't be trusted and do not delete the data after ransoms are paid. Instead, they use it as\r\nleverage to attempt to extort money for a second time. The bottom line is that it makes no sense for companies to\r\npay for the promise of deletion. You can't buy your way out of a data breach.\"\r\nAgreeing with Callow, Jake Moore, a cybersecurity specialist from Slovakian infosec firm ESET, told The\r\nRegister: \"Regardless of how quickly a company responds to a ransomware attack, data will be encrypted and\r\neffectively lost. Frustratingly, the standard cybercriminal doesn't just stop there these days and will attempt to\r\nextract data too, which they seem to have successfully achieved here.\r\n\"However, although companies are quick to highlight how they take their customer privacy and security seriously,\r\nthe best course of action is to be proactively prepared for an attack and even expect an attack like this to happen.\"\r\nThe crew operating this particular ransomware strain are known to the public by two names. Earlier this year\r\nREvil published passport scans of staff from a British firm that managed to shrug off an infection and ransom\r\nhttps://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/\r\nPage 1 of 2\n\ndemand. Its modus operandi is to encrypt and exfiltrate files, demand a ransom and then to auction stolen files to\r\nother criminals, something it leveraged earlier this year after claiming to have hacked a US law firm.\r\nUnder their Sodinokibi moniker, the gang also took down foreign exchange firm Travelex, contributing to the\r\nfinancial firm collapsing into administration this summer. ®\r\nSource: https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/\r\nhttps://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/"
	],
	"report_names": [
		"revil_sodinokibi_ransomware_gang_flagship_group_housing"
	],
	"threat_actors": [],
	"ts_created_at": 1775434118,
	"ts_updated_at": 1775791297,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3f9604cfe3503f210dab9196522ef07b34557cb3.pdf",
		"text": "https://archive.orkl.eu/3f9604cfe3503f210dab9196522ef07b34557cb3.txt",
		"img": "https://archive.orkl.eu/3f9604cfe3503f210dab9196522ef07b34557cb3.jpg"
	}
}