{ "id": "1dba87fa-03b2-4169-ac3b-23997ae72339", "created_at": "2026-04-06T00:21:36.135166Z", "updated_at": "2026-04-10T13:12:16.783377Z", "deleted_at": null, "sha1_hash": "489b15950177bc8b978c54f8282f8060537a096b", "title": "Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2383119, "plain_text": "Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock\r\nPrices\r\nBy Lawrence Abrams\r\nPublished: 2020-02-27 · Archived: 2026-04-05 14:18:05 UTC\r\nThe operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before\r\nencrypting computers so it can be used as leverage on a new data leak site that is being launched soon.\r\nThe Sodinokibi Ransomware ransomware operation is a Ransomware-as-a-Service where the operators manage the payment\r\nportal and development of the ransomware and third-party 'affiliates' distribute the ransomware.\r\nThe operators and affiliates then share the ransomware payment made by victims.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nMost likely spurred on by the release of DoppelPaymer's data leak web site this week, the public-facing representative of\r\nSodinokibi, Unknown, outlined their plans for the further extortion of victims on a Russian malware and hacker forum.\r\nAccording to the post shared with BleepingComputer by Damian, the ransomware operators have finished a 'blog' that will\r\nbe used to distribute unpaid victim's stolen data, with some data like Social Security numbers being held back to be sold on\r\ndark markets for a 'fairly high rate of return'.\r\nSodinokibi plans for their data leak site\r\nUnknown states that the companies who are encrypted by REvil have \"serious problems with data privacy\" and should move\r\nto negotiations quickly. \r\nFurther laying their plans out in the open, Unknown speculates on other ways that they can further pressure victims to pay a\r\nransom.\r\nOne idea they are thinking about is to auto-email stock exchanges, such as NASDAQ, to let them know about the\r\ncompany's attack and hurt the value of their stock.\r\nThe full posted translated from Russian can be read below:\r\nFor all previously published orders, we found artists. The tasks set are difficult, but solvable. We hope to add all the\r\nWe also finished work on a blog in which data from compromised systems will be published. We urged all adverts to copy inf\r\nNow all data will be published on this blog.\r\nxxx\r\nThere are 3 places in the affiliate program. Interested in networking . Soon, probably, we will leave all sites and stop r\r\nAs part of this post, they also linked to a 10MB stolen data dump of one of their victims that they claim contains financial\r\nand tax information. They go on to state that they will add more to this data dump if the victim does not pay.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nPage 3 of 5\n\nLeaked data of a victim\r\nBleepingComputer will not be naming the victim until we confirm the validity of the alleged attack. \r\nRansomware attacks are data breaches!\r\nThis feels like a daily statement from BleepingComputer, but all ransomware attacks are now data breaches and must be\r\ntreated as such.\r\nThe files that were stolen by ransomware operators not only contain company data but also the personal information of its\r\nemployees.\r\nBy not disclosing these attacks and what has been stolen, company's put their employees at risk of identity theft, fraud, and\r\nother malicious attacks.\r\nThis could lead to fines by government agencies and lawsuits from employees whose data has been compromised.\r\nBe smart and transparent about ransomware attacks. It is better in the long run.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/" ], "report_names": [ "sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434896, "ts_updated_at": 1775826736, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/489b15950177bc8b978c54f8282f8060537a096b.pdf", "text": "https://archive.orkl.eu/489b15950177bc8b978c54f8282f8060537a096b.txt", "img": "https://archive.orkl.eu/489b15950177bc8b978c54f8282f8060537a096b.jpg" } }