Internet Security Tips

The Sondinokini Ransomware Gang has gone an extra step ahead and launched an auction stolen data website. The gang is accused of attacking UK Powergrid Middleman Elexon and has recently launched an eBay auction site to sell data of the victim that denied paying the ransom.

The group recently announced that they have stolen a massive amount of user data and legal documents from Grubman Shire Meiselas & Sacks. The data also contains confidential information about some well-known names of international stars including Madonna, Elton John, Usher, Chris Brown, and many other popular celebrities.

The firm plans to sell Madonna’s legal documents in the auction.

Target network vulnerabilities help the ransomware to exploit and infect various systems. Some of its popular attacks include:

Popular Attacks

• Earlier in May 2019, hackers had exploited the Oracle WebLogic Server loopholes. The server was recently patched.
• In June 2019, Service providers were on the hit list of Sodinokibi Ransomware.
• And in August, it also targeted the DDS Safe Solutions company which is used worldwide by various local government organizations and dental agencies.
• In addition to that, the gang also runs a separate site where it shares pieces of stolen victims’ data to threaten victims.

Auction sites are the latest addition to its working methodology and plan to auction the data of a Canadian agricultural company first. The company’s data was stolen in May which denied paying the ransom. The starting auction price is set at $50,000 which will be traded in Monero cryptocurrency.

In addition to this, the Sodinokibi Ransomware Gang is also planning to auction stolen data from Grubman Shire Meiselas & Sacks. Madonna’s information is first on the list and the gang plans to start the auction with a tagline “remember Madonna and other people”.

Auction: Details Procedure

Here is the working procedure of the auction.

• Register on the auction site.
• Deposit a refundable fee of 10% of the starting auction price.
• All the fees and computational operations involved in the process takes place using the Monero cryptocurrency.
• Agree to the terms and conditions of the auction by clicking on the “Continue” button post which you will be provided with login credentials to be able to deposit the initial 10 % fee and participate in the auction procedure.

Auctioning stolen data is the upcoming trend in the cybercriminal world, with Sodinokibi not being the only operator. In addition to the Sodinokibi gang, there are other gangs also that are planning to auction stolen data. Some of the popular names include Nemty, NetWalker, Maze, RagnarLocker, and many more.

Regular system backups along with powerful safety measures can help you combat the effect of data loss.