{
	"id": "7786013e-c4f5-4783-8206-f3756618406d",
	"created_at": "2026-04-06T01:30:47.185442Z",
	"updated_at": "2026-04-10T03:20:31.637111Z",
	"deleted_at": null,
	"sha1_hash": "b31780c42ffa6fcad99fa907fdedf8c6bd706ded",
	"title": "Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2137157,
	"plain_text": "Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums\r\nBy Lawrence Abrams\r\nPublished: 2020-03-19 · Archived: 2026-04-06 00:52:04 UTC\r\nRansomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other\r\nhackers and criminals sell and distribute the released files on hacker forums.\r\nIn 2019, the Maze Ransomware operators began stealing data from victims before encrypting devices and using the stolen\r\nfiles as leverage to get the victims to pay. If the victim decided not to pay, the Maze operators would then publish the files.\r\nSince then, other ransomware operators such as Sodinokibi, DoppelPaymer, and Nemty have begun the same practice of\r\nusing stolen files as leverage.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nRecently, the Sodinokibi Ransomware operators published over 12 GB of stolen data allegedly belonging to a company\r\nnamed Brooks International for not paying the ransom.\r\n Sodinokibi Ransomware leaking data\r\nWhile making the data publicly accessible is bad enough, BleepingComputer has been told by cyber-intelligence firm Cyble\r\nthat other hackers and criminals have started to distribute and sell this data on hacker forums.\r\nFor example, the following image is a hacker forum post where a member is selling a link to the stolen data for 8 credits,\r\nwhich is worth approximately 2 Euros.\r\nHacker forum post selling the data\r\nFrom screenshots of the files shared with BleepingComputer, this stolen data is very valuable to hackers as it contains user\r\nnames and passwords, credit card statements, alleged tax information, and much more.\r\nBased on the comments from hackers who purchased the link to this data, they are also finding the data valuable.\r\n\"It even has credit card number \u0026 a password. lol !!\"\r\n\"To bad these W2 forms weren't Donald Trump's taxes. lol !!\"\r\n\"Thank you for being the hero we may not deserve, but need.\"\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/\r\nPage 3 of 4\n\nBleepingComputer reached out to Brooks International by phone to warn them about the distribution of their data and ask\r\nrelated questions, but after speaking to someone never received a phone call back.\r\nRansomware attacks are data breaches\r\nFor a long time, BleepingComputer has been stating that Ransomware attacks are data breaches as it has been a widely\r\nknown secret that attackers sifted through their victim's files before encrypting them.\r\nNow that they are also stealing and publishing these files for non-payment, there is no longer any doubt that these attacks\r\nneed to be classified as data breaches.\r\nTo make matters worse, it is not only corporate data being exposed, but also employee's personal information being stolen. \r\nThese employees need to be informed of these breaches so that they can protect themselves from identity theft.\r\nUnfortunately, too many ransomware attacks go undisclosed, even to the employees who are impacted.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/"
	],
	"report_names": [
		"sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums"
	],
	"threat_actors": [],
	"ts_created_at": 1775439047,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b31780c42ffa6fcad99fa907fdedf8c6bd706ded.pdf",
		"text": "https://archive.orkl.eu/b31780c42ffa6fcad99fa907fdedf8c6bd706ded.txt",
		"img": "https://archive.orkl.eu/b31780c42ffa6fcad99fa907fdedf8c6bd706ded.jpg"
	}
}