Malware like Sodinokibi is not new: its creators gain access to company computers and networks, encrypt important files and demand a ransom for their release. Recently, media reports have been increasing, on bleepingcomputer.com for example, according to which the attackers are using a second strategy: they search the data set for information that could be particularly damaging to the company under attack – such as the social security numbers of its customers. If they find such information, then they threaten to publish it or sell it on the dark web. They also say that they will tell the affected customers about it, including the name of the company they have to “thank” for the leak. A company’s reputation would be severely affected by such “public shaming”, and the effects could be much more serious than the financial losses.

The case of the automotive supplier Gedia highlighted the consequences of such an attack in January, in which sensitive data was published. Its entire IT infrastructure was also paralyzed. The technical portal heise.de predicts that this trend will continue and grow. This means that companies should consider ransomware infections as potential sensitive data leaks – and when in doubt, inform their customers early, before the attackers do.