SinobiSinobi

Sinobi is a financially motivated ransomware group that employs data theft and extortion as primary tactics, operating a public-facing leak portal to pressure victims during ransom negotiations. The group utilizes techniques such as phishing, credential compromise, and exploitation of unpatched vulnerabilities for initial access, followed by data exfiltration using tools like RClone. Sinobi ransomware employs Curve-25519 and AES-128-CTR for file encryption, making recovery impossible without the attacker's private key. The group has been linked to significant breaches across various sectors, including automotive, legal, and nonprofit organizations.