$2,500 per user as ransom:

Talos researchers spotted Sodinokibi, a ransomware that encrypts the files and delete the backups in order to prevent the victims from recovering their data without paying the ransom was being delivered through Oracle's Weblogic Server Flaw.

Read more: https://www.securityweek.com/new-sodinokibi-ransomware-delivered-oracle-weblogic-flaw