
Felipe Duarte Domingues, August 19, 2020

Ransomware Attacks Continue to Surge in 2020

After Jack Daniels (Brown-Forman) Refuses Payment, Sodinokibi Calls Out New Oil & Gas, Insurance, and Consulting Firm Victims



As we have previously written (regarding its attack on Light S.A.), Sodinokibi is considered one of the most dangerous and successful ransomware threats of 2020. This week, Brown-Forman Corp, a manufacturer of alcoholic beverages famous for its Jack Daniels products, was a victim of Sodinokibi. The company refused to pay the ransom, which led the REvil hackers to publish the exfiltrated data on their public "wall-of-shame".

Additionally, the REvil group recently claimed to have stolen gigabytes of legal documents from GSMLaw law firm, containing sensitive data on dozens of international stars and celebrities. Our team confirmed that those documents are up for auction on the deep web site, starting at $600,000, or available to buy instantly at a blitz price of $1.5 million each. However, there is no way to confirm whether the document data really exists or if it's just a threat.

Now, it appears that the REvil group may have successfully infiltrated three international targets, in the oil and gas, insurance, and consulting industries. A new posting on their "Happy Blog", the deep web page on which they publish information about some targets (specifically ones that decide not to pay the ransom), cites information on quest-worldwide.com (Australia), eurecat.com (France) and National Western Life (USA). National Western Life was published with a threat, in which the hackers claim "lack of discretion" and even published the family documents of Ross Moody, the COO.

We note that these new targets have not had their files leaked on the site yet: the site claims that REvil has the stolen data, shows screenshots of it, and recommends that the companies contact the hackers (the exception is National Western Life, where they have already published Ross Moody's family documents).

REvil's data leaking differs from that of other groups in its auction model: they publish most of the stolen data for free and put the most sensitive data up for auction, where any user can bid using the Monero (XMR) cryptocurrency.

This behavior shows that ransomware attacks are, in fact, data leak attacks as well, and that attackers are getting more aggressive in their data theft model. Recent attacks show that publishing the data may have a higher financial impact on the companies than having their files encrypted/locked.

The Deep Web images below, from REvil, have had some information blurred out to protect the companies.

National Western Life - publicly-traded insurance company, based in Austin, TX



Eurecat - Oil and Gas firm, headquartered in France




Quest Worldwide - Consulting firm, based in Sydney, Australia



Felipe Duarte Domingues, Security Researcher, Appgate
