# Sodinokibi Ransomware Publishes Stolen Data for the First Time **[bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/](https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-publishes-stolen-data-for-the-first-time/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) January 11, 2020 06:07 PM 2 For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. Since last month, the representatives of the Sodinokibi, otherwise known as REvil, have [publicly stated that they would begin to follow Maze's example and publish data stolen from](https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/) victims if they do not pay a ransom. ----- While there have been threats made against Travelex and CDH Investments, they have not carried through with them. This all changed today when the public representative of Sodinokibi stated they beginning to "keep promises" as they posted links to approximately 337MB of allegedly stolen victim files on a Russian hacker and malware forum. ----- **Sodinokibi publishing victim's data** Source: [Damien](https://twitter.com/Damian1338) They claim this data belongs to Artech Information Systems, who describe themselves as a "minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S", and that they will release more if a ransom is not paid. "This is a small part of what we have. If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details." At this time, Artech's site is down and it is not known if it is due to this attack. BleepingComputer has reached out to Artech with questions related to the ransomware attack, but have not heard back. As we have been saying over and over, ransomware attacks need to be treated with transparency and as a data breach. By trying to hide these attacks, and the theft of employee, company, and customer data, companies are not only risking fines and lawsuits but are also putting personal data at risk. This practice of using stolen data as leverage is not going to go away and is only going to get worse. ----- Expect to see more ransomware operators began to utilize this practice as it becomes the norm in attacks. ## Related Articles: [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New RansomHouse group sets up extortion market, adds first victims](https://www.bleepingcomputer.com/news/security/new-ransomhouse-group-sets-up-extortion-market-adds-first-victims/) [The Week in Ransomware - May 6th 2022 - An evolving landscape](https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-6th-2022-an-evolving-landscape/) [Conti, REvil, LockBit ransomware bugs exploited to block encryption](https://www.bleepingcomputer.com/news/security/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/) [Quantum ransomware seen deployed in rapid network attacks](https://www.bleepingcomputer.com/news/security/quantum-ransomware-seen-deployed-in-rapid-network-attacks/) [Data Exfiltration](https://www.bleepingcomputer.com/tag/data-exfiltration/) [Extortion](https://www.bleepingcomputer.com/tag/extortion/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [REvil](https://www.bleepingcomputer.com/tag/revil/) [Sodinokibi](https://www.bleepingcomputer.com/tag/sodinokibi/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-10th-2020-now-data-breaches/) [Next Article](https://www.bleepingcomputer.com/news/microsoft/windows-7-reminder-get-a-free-windows-10-upgrade-while-you-can/) ## Comments [thattimguy - 2 years ago](https://www.bleepingcomputer.com/forums/u/1151695/thattimguy/) I worked for Artech at a F.A.N.G. company, where they happen to be staffing large numbers of people. Slightly concerned. ----- [Lawrence Abrams - 2 years ago](https://www.bleepingcomputer.com/author/lawrence-abrams/) We have not heard back from them unfortunately. Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ## You may also like: -----