Hackers start selling and distributing Sodinokibi data leaks on hacking forums

The data allegedly belongs to consultancy Brooks International, which refused to pay ransom to cyber criminals

Brooks International's stolen data that was recently published by Sodinokibi ransomware operators is now available on hacking forums for purchase.

BleepingComputer claims it was recently informed by cyber-intelligence firm Cyble that various hackers and criminal groups have started selling and distributing the data belonging to Brooks International on the dark web.

Brooks International had refused to pay ransom to cyber criminals in return of unlocking their systems that had been encrypted by Sodinokibi ransomware.

Following that, the ransomware group released over 12 GB of data stolen from the Brooks International's computers on public domain.

According to BleepingComputer, one hacker on a dark web forum offered to sell a link to the stolen data for just eight credits (worth two euros). The data, which contains credit card statements, user names/passwords, tax information, and lots of other details, is highly valuable to hackers and identify thieves.

"It even has credit card number & a password. lol !!" a hacker who purchased the link to the stolen data commented.

"Too bad these W2 forms weren't Donald Trump's taxes. lol !!"

"Thank you for being the hero we may not deserve, but need."

In 2019, the Maze ransomware operators became the first ransomware group to start the practice of stealing data from victims before encrypting their devices. The stolen files were used as leverage to force the victims to pay the ransom. The data of victims who refused to pay-up was published by Maze operators.

More recently, other ransomware operators, such as Nemty, DoppelPaymer and Sodinokibi, have started following Maze's example.

In January, Sodinokibi ransomware operators, for the first time, released files stolen from one of their victims. The links to nearly 337MB of files were posted on a Russian malware forum. The operators claimed that the data belonged to US tech firm Artech Information Systems.

The most famous recent victims of Sodinokibi ransomware include Synoptek, a California-based managed services provider, and Travelex, the UK-based foreign exchange giant, whose parent company is now in serious financial difficulties.

In both cases, Sodinokibi operators claimed that they first stole files from computers before encrypting them.

In somewhat unexpected news from ransomware industry, operators of Maze and DoppelPaymer malware told BleepingComputer that they will not target medical organisations during the current coronavirus outbreak.

The DoppelPaymer operators said that they always try to avoid attacking "hospitals, nursing homes" and "911", adding that if they do that by mistake the systems are immediately decrypted for free.

Maze operators also said that they are stopping all activities against "all kinds of medical organisations until the stabilisation of the situation with virus".