Cyber Incident Victim: Apex America
Date: May 2021
Location: United States of America
Summary
Apex America, a Latin American digital customer experience services provider, was targeted by the REvil (Sodinokibi) ransomware group, which demanded a $7 million ransom and later reduced it to $6 million after unsuccessful negotiations. The attackers exfiltrated company data, posting partial proof on their leak site while threatening to sell or publish additional stolen information after the firm ceased communication. Concurrently, internal disputes within REvil emerged publicly, with affiliates "UNKN" and "Signature" accusing each other of mishandling the operation and losing the potential ransom, though their arbitration claims for financial compensation were dismissed by a forum moderator. The incident resulted in potential data exposure and operational disruption for the company.
Description
On or around May 9, 2021, the REvil ransomware group (also known as Sodinokibi) targeted Apex America, a Latin American digital customer experience services company partnering with over 50 global brands. REvil added Apex America to their dedicated leak site, publishing limited screencaps of stolen data as proof of compromise while announcing ongoing analysis of the exfiltrated documents. The group stated some data would be publicly released while other portions would be sold privately, inviting potential buyers to negotiate. Initial ransom demands were set at $7 million. After several days without payment, an individual purportedly representing Apex America engaged REvil in chat negotiations, inquiring about the lowest acceptable amount. REvil reduced the demand to $6 million, but the entity ceased communication following this counteroffer.

Five days after the $6 million offer, REvil’s negotiator publicly noted Apex America’s lack of response, emphasizing their intent to conduct "business, not war." Following this silence, REvil escalated by listing the company on their leak site and increasing the ransom demand. Concurrently, internal disputes emerged within REvil’s operations: affiliates "UNKN" and "Signature" filed reciprocal $7 million lawsuits via a Russian-language forum’s arbitration channel, each accusing the other of undermining the Apex America operation’s profitability. The arbitrator dismissed both claims, citing forum rules against profit-loss disputes and noting both parties assumed partnership risks. Apex America did not acknowledge the incident on its website or social media channels despite direct inquiries from DataBreaches.net, and no containment or remediation actions were disclosed. The incident concluded with REvil retaining an unspecified volume of company data for potential sale or leakage, leaving the full impact on Apex America’s operations and clients unverified in public reporting.
