SeaChange video platform allegedly hit by Sodinokibi ransomware
A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.
SeaChange, a Waltham, Massachusets company with locations in Poland and Brazil, is an on-premise or remotely managed video-on-demand and streaming platform provider. SeaChange's customers include the BBC, Verizon, DISH, COX, DirecTV, and COX.
Since last year, ransomware operators have been launching data leak sites that they use to publish files stolen from victims when performing a ransom attack.
Ransomware operators use this tactic to scare and pressure non-paying victims into paying a ransom.
Sodinokibi posts images of SeaChange's data
In an update to their data leak site, Sodinokibi (REvil) has created a new victim page for SeaChange where they have published images of some of the documents that they have stolen during an alleged attack.
These images include a screenshot of folders on a server they claim to have had access to, a bank statement, insurance certificates, a driver's license, and a cover letter for a proposal for a Pentagon video-on-demand service.
When we asked the Sodinokibi operators how much the ransom was and the amount of data stolen, they refused to provide any further information.
"Thank you for your interest and your questions, but I really can't answer.
We publish confidential information about companies if they ignore us for a long time or decide not to pay. Otherwise, we are not ready to share any information about them in their own interests, including share which companies we have encrypted, how much data we have stolen, etc."
It is common for ransomware operators to slowly release small amounts of stolen data to continue applying pressure on their victims.
When BleepingComputer reached out to SeaChange to learn if they were aware of the posting of this data, we did not receive a response to our multiple queries.
We have also contacted the Pentagon to confirm if they knew of this alleged breach and did not receive a response.
Gloss