Beware of Sodinokibi Ransomware

Release Date: 30 Apr 2019 4409 Views

HKCERT observed a new ransomware named "Sodinokibi" being deployed via Zero Day vulnerabilities recently. Web application vulnerabilities is one of the known attack vectors.

 

What ransomware usually does? Ransomware is used to encrypted victim’s files and causes the data unavailable. And ransom the victim to pay for it.

 

HKCERT does not recommend victims to pay the redemption. In many pervious cases, the attacker will not recover the files even though you pay them.

 

Sodinokibi Ransomware identifier:

  1. A random extension
  2. [random extension]-readme.txt (As the screenshot show)

 

Image Source: https://www.youtube.com/watch?v=MlfYEqAjXUE

 

To mitigate the potential problem, you can:

  1. Always do offline data backup regularly.
  2. Protect your web applications.(refer to The Ten Most Critical Web Application Security Risks (OWASP Top 10))
  3. Patch your application/system e.g. CMS, web server, etc.

 

Reference: https://twitter.com/GrujaRS/status/1122031871033057280

Share with

Previous

Favourite Security Reads of the Fortnight (26 Apr 2019)

26 Apr 2019 3290 Views

Next

Updates on Hong Kong Google Play Store's Apps Security Risk Report (7 May 2019)

7 May 2019 3263 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY