Creators of REvil (Sodinokibi) claim to have sold Donald Trump’s data

Earlier this week, we talked about how the hacker group behind the REvil (Sodinokibi) ransomware hacked Grubman Shire Meiselas & Sacks (GSMS), a law firm in New York, USA. Now the Sodinokibi group claims to have sold data on Donald Trump.

The firm's clients include dozens of world-famous stars: the GSMS client list contains names such as Madonna, Lady Gaga, Elton John, Robert De Niro, Nicki Minaj, U2 and so on.

As has often happened recently, the hackers not only encrypted the affected company’s data but also stole many files related to GSMS’s star clients.

“The total amount of stolen information was 756 GB, including contracts, phone numbers, email addresses, personal correspondence, non-disclosure agreements and much more,” the group claims.

After the hack, the group gave the affected company a week to pay the ransom. When this period expired, a new message appeared on the attackers’ site. The REvil operators said that during negotiations GSMS representatives offered them a payment of $365,000, while the hackers demanded $21,000,000 for the stolen data. Since the ransom was not paid by the appointed time, the hackers decided to double it, so the amount should now be no less than 42 million dollars.

The REvil operators’ main bargaining chip is the data about Trump, on the strength of which they demanded such a fabulous sum from the affected law firm. The attackers threatened GSMS that they would publish incriminating evidence on US President Donald Trump. To begin with, the hackers published more than 160 letters in which Donald Trump was mentioned in one way or another (there was nothing compromising or secret in these messages at all; Trump’s name was basically just mentioned in passing).

“If the ransom is not paid, then every week GSMS customer data will be sold on the darknet (in alphabetical order). We don’t care who ultimately buys this information – the stars themselves, the media or the blackmailers – the main thing is that we can make money on it,” said the hackers.

Now the group has unexpectedly announced that certain people are interested in “buying all the data about the US president,” which the hackers have accumulated during their activity. The REvil operators write that the deal has already taken place and that they were satisfied. The attackers also note that they keep their word: the information has now been deleted, and only the unnamed buyer has a single copy of it.

As a result, information security experts agree that the hackers did not have any incriminating evidence about the US president. The attackers were simply trying to put pressure on the GSMS leadership, and the alleged deal is just a way to save face.

In a new message, the creators of REvil write that they now plan to put up for sale the GSMS files associated with Madonna. The starting price is $1,000,000.

It seems that the group’s threats are now being taken a little less seriously. That may be reckless, as their fellow criminals from DoppelPaymer recently published Boeing, Lockheed Martin, SpaceX and Tesla documents in the public domain.

Source: https://adware.guru/creators-of-revil-sodinokibi-claim-to-have-sold-donald-trumps-data/
