Sodinokibi ransomware, also known as Sodin and REvil, is hardly three months old, yet it has quickly become a topic of discussion among cybersecurity professionals because of its apparent connection with the infamous-but-now-defunct GandCrab ransomware.
Detected by Malwarebytes as Ransom.Sodinokibi, Sodinokibi is a ransomware-as-a-service (RaaS), just as GandCrab was, though researchers believe it to be more advanced than its predecessor. We’ve watched this threat target businesses and consumers equally since the beginning of May, with a spike for businesses at the start of June and elevations in consumer detections in both mid-June and mid-July. Based on our telemetry, Sodinokibi has been on the rise since GandCrab’s exit at the end of May.
ANALYSIS OF THE ATTACK
Type and source of infection
Ransom.Sodinokibi is ransomware that encrypts all the files on local drives except for those that are listed in its configuration file.
Targeted files have the extensions .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.
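As an added triage example (not Malwarebytes' code or anything from the Sodinokibi sample), the script below walks a directory tree, flags files whose extension is on the target list above, and uses byte entropy to estimate whether each one has already been encrypted; the 7.9 bits/byte threshold and the function names are assumptions.

```python
import math
import os

# Extensions the article lists as targeted by Ransom.Sodinokibi (taken from the page).
TARGETED_EXTENSIONS = {
    ".jpg", ".jpeg", ".raw", ".tif", ".png", ".bmp", ".3dm", ".max", ".accdb", ".db",
    ".mdb", ".dwg", ".dxf", ".cpp", ".cs", ".h", ".php", ".asp", ".rb", ".java", ".aaf",
    ".aep", ".aepx", ".plb", ".prel", ".aet", ".ppj", ".gif", ".psd",
}
# Assumed threshold: properly encrypted data approaches 8 bits/byte, while images,
# databases and source files with their usual headers and structure sit well below it.
ENTROPY_THRESHOLD = 7.9


def is_targeted(path: str) -> bool:
    """True if the file extension is on the page's target list (case-insensitive)."""
    return os.path.splitext(path)[1].lower() in TARGETED_EXTENSIONS


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify(path: str, data: bytes) -> str:
    """Triage label for one file: untargeted, targeted-plaintext or targeted-likely-encrypted."""
    if not is_targeted(path):
        return "untargeted"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "targeted-likely-encrypted"
    return "targeted-plaintext"


def scan_tree(root: str, sample_bytes: int = 65536) -> dict:
    """Walk root and count files per triage label, reading only the first sample_bytes of each."""
    summary = {"untargeted": 0, "targeted-plaintext": 0, "targeted-likely-encrypted": 0}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read(sample_bytes)
            except OSError:  # unreadable or vanished file: skip rather than abort the triage
                continue
            summary[classify(full, data)] += 1
    return summary
```

Run `scan_tree("/path/to/suspect/share")` during incident response to see how many targeted files already look encrypted versus still intact; compressed formats such as .jpg and .png can score high on entropy, so treat the label as a prioritisation hint, not proof.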