{
	"id": "02b159e7-15c3-47fd-9671-b40ee7726cf4",
	"created_at": "2026-04-06T00:12:53.190535Z",
	"updated_at": "2026-04-10T03:21:26.448858Z",
	"deleted_at": null,
	"sha1_hash": "ef899ea2e788bb18feebc1c9daf6c6595860a7e6",
	"title": "Sodinokibi Ransomware Threatens to Publish Data of Automotive Group",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1941530,
	"plain_text": "Sodinokibi Ransomware Threatens to Publish Data of Automotive Group\r\nBy Sergiu Gatlan\r\nPublished: 2020-01-23 · Archived: 2026-04-05 22:34:39 UTC\r\nThe attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after the victim\r\nfailed to get in touch and pay the ransom to have the data decrypted.\r\nSodinokibi claims that this data was stolen from GEDIA Automotive Group, a German automotive supplier with production\r\nplants in Germany, China, Hungary, India, Mexico, Poland, Spain, and the USA.\r\nGEDIA also has over 4,300 employees all around the world and it had an annual turnover of €600 million (over $665\r\nmillion) in 2017.\r\nhttps://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/\r\nPage 1 of 4\n\nThe group published a Microsoft Excel spreadsheet containing an AdRecon report with information on an Active Directory\r\nenvironment.\r\nThe Sodin attackers appear to use Sense of Security's open-source AdRecon tool on each of their victims' AD environments,\r\nas they have also released a similar spreadsheet for a previous victim named Artech Information Systems.\r\nBleepingComputer asked GEDIA to confirm the ransomware attack but had not heard back at the time of publication.\r\n\"Now for the tasty. gedia.com . They didn’t get in touch. All computers on the network are encrypted,\" Sodinokibi said on\r\na Russian hacker and malware forum. \"More than 50 GB of data was stolen, including drawings, data of employees and\r\ncustomers.\r\nAll this is carefully prepared for implementation on the stock exchange of information. What they don’t buy, we’ll post it for\r\nfree. 
7 days before publication.\"\r\nThis happens after Sodinokibi posted download links to 337 MB worth of files supposedly stolen from Artech Information\r\nSystems, a \"minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S.\"\r\nThe operators behind Sodinokibi Ransomware also said that they'll begin selling the data they stole from Artech on data\r\nexchange platforms frequented by cybercriminals, as they threatened on January 11.\r\nRansomware groups now behind potential data breaches\r\nExfiltrating data before encrypting ransomware victims' systems and leaking the stolen data is a new tactic recently adopted\r\nby ransomware gangs.\r\nIf their victims don't pay the ransom, the attackers will then slowly start leaking parts of the stolen data cache until they get\r\npaid or all the files have been released.\r\nThis new trend was started by Maze Ransomware during late November 2019 and has now been adopted by Sodinokibi, as well as by Nemty\r\nRansomware and BitPyLock during January 2020, who are saying that they'll start stealing data before encrypting victims'\r\ndevices.\r\nEven though they would also sniff around their victims' files before publicly announcing it, ransomware groups never\r\nreleased any of the data they stole until Maze Ransomware leaked 700 MB worth of documents stolen from Allied Universal\r\nduring late-November.\r\nCompanies that get hit by ransomware aren't yet treating such security incidents as data breaches even though a wide range\r\nof sensitive records containing personal, financial, and medical information now also gets swiped before being encrypted\r\nand ransomed.\r\nThis will most probably change in the near future, as lawmakers will take notice and will push out legislation also requiring\r\ndata breach disclosures following ransomware attacks.\r\nH/T 
Damian\r\nSource: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/"
	],
	"report_names": [
		"sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group"
	],
	"threat_actors": [],
	"ts_created_at": 1775434373,
	"ts_updated_at": 1775791286,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ef899ea2e788bb18feebc1c9daf6c6595860a7e6.pdf",
		"text": "https://archive.orkl.eu/ef899ea2e788bb18feebc1c9daf6c6595860a7e6.txt",
		"img": "https://archive.orkl.eu/ef899ea2e788bb18feebc1c9daf6c6595860a7e6.jpg"
	}
}