
Threat actors using the Sodinokibi ransomware made “at least” $123 million in 2020, stealing roughly 21.6 terabytes of data, according to a new report by IBM researchers.
The backdrop: Sodinokibi was the most-used ransomware observed by the researchers, accounting for 22% of all incidents in 2020. Cyber criminals using Sodinokibi demanded $42 million for a single ransom, writes IBM.
Why it matters: In 2020, ransomware actors “shifted tactics to not only encrypt data and render it impossible to access,” write the researchers. “They also stole it, and then threatened to leak sensitive data if a ransom was not paid.”
By the numbers: The Sodinokibi ransoms “peaked in June or July 2020 and then rose again after a brief lull in August and September, potentially related to threat actor availability, vacations, and alternate employment obligations,” write the researchers.
- Nearly two-thirds of Sodinokibi victims agreed to pay the requested ransom, writes IBM — but more than 40% of their victims still had their data leaked.
- By far, the most Sodinokibi victims — 58% — were based in the U.S., with the U.K. coming in second at 8%.
- The most targeted entities were companies in the manufacturing, professional services and wholesale sectors. “Nearly all” ransomware attacks on the retail sector in 2020 were made via Sodinokibi, writes IBM.
- But the threat actors using Sodinokibi have also been perfectly happy to hold governments hostage, being responsible for almost half of all ransomware attacks on government entities in 2020, per the IBM researchers.