Ransomware remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.
New strains of malware are emerging all the time. One such strain is Sodinokibi, which is only three months old but has already had a significant impact. It is also known as Sodin and REvil, and is connected to a previous form of ransomware called GandCrab.
It is believed that the average ransom demand for Sodinokibi in May was $150,000, against $50,000 for other forms of ransomware. The largest recorded to date is $500,000.
Furthermore, according to a report by Coveware, an incident response company, the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days to 9.6 days, which is believed to be due to the impact of this new ransomware.
The use of Sodinokibi is also increasing, so much so that it now accounts for 12.50% of the overall market.
Sodinokibi is ransomware-as-a-service (RaaS). It is used to attack both businesses and consumers, and relies on various attack methods, including the following:
- Distribution via malicious spam
- Phishing attacks
- Exploitation of vulnerabilities in Oracle products
The Signs of this Ransomware Infection
When a computer system has been compromised by Sodinokibi it displays the normal signs of a ransomware attack: the desktop wallpaper is changed and the attack is announced by way of a ransom note.
How it Happens
Files on local drives are encrypted, and every encrypted file is renamed with a pre-generated pseudo-random alphanumeric extension of up to eight characters. This type of ransomware appears to target mainly media-related files.
It has also been found to delete Volume Shadow Copy backups (the snapshots Windows keeps for recovery) and to disable the Windows Startup Repair tool, which prevents users from fixing system errors caused by the ransomware attack.
Sodinokibi is unique in that it exploits zero-day vulnerabilities, giving the attacker access to the endpoints it infects and letting it replicate tasks that administrators would normally carry out.
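The behaviours described above (mass renaming of files with a short random extension, deleting shadow copies and disabling Startup Repair) leave traces in endpoint telemetry that a defender can alert on. The following script is an added example, not code from the original post or from any product it mentions: it runs two simple detection rules over a handful of constructed process and file-rename events. The pipe-separated event format, the host names, the file paths and the k7q2pd extension are all assumptions made for this example; the vssadmin and bcdedit command patterns are the standard Windows commands for deleting shadow copies and disabling Startup Repair.

```python
import re
from collections import defaultdict

# Constructed sample telemetry, not real logs. Each line is
# "timestamp|host|event_type|detail"; the format itself is an assumption
# made for this example, not something the ransomware produces.
SAMPLE_EVENTS = [
    "2019-07-01T08:30:00|WS02|process|explorer.exe",
    "2019-07-01T08:31:00|WS02|file_rename|C:\\Users\\bob\\report.docx -> C:\\Users\\bob\\report_final.docx",
    "2019-07-01T08:32:00|WS02|process|vssadmin.exe list shadows",
    "2019-07-01T09:00:01|WS01|file_rename|C:\\Users\\alice\\Pictures\\holiday.jpg -> C:\\Users\\alice\\Pictures\\holiday.jpg.k7q2pd",
    "2019-07-01T09:00:01|WS01|file_rename|C:\\Users\\alice\\Pictures\\cat.png -> C:\\Users\\alice\\Pictures\\cat.png.k7q2pd",
    "2019-07-01T09:00:02|WS01|file_rename|C:\\Users\\alice\\Videos\\clip.mp4 -> C:\\Users\\alice\\Videos\\clip.mp4.k7q2pd",
    "2019-07-01T09:00:02|WS01|file_rename|C:\\Users\\alice\\Music\\song.mp3 -> C:\\Users\\alice\\Music\\song.mp3.k7q2pd",
    "2019-07-01T09:00:03|WS01|file_rename|C:\\Users\\alice\\Documents\\notes.txt -> C:\\Users\\alice\\Documents\\notes.txt.k7q2pd",
    "2019-07-01T09:00:05|WS01|process|vssadmin.exe Delete Shadows /All /Quiet",
    "2019-07-01T09:00:06|WS01|process|bcdedit.exe /set {default} recoveryenabled No",
]

# A rename that keeps the original name and appends a new 1-8 character
# alphanumeric extension (e.g. holiday.jpg -> holiday.jpg.k7q2pd), which is
# the renaming pattern the post describes.
APPENDED_EXT_RE = re.compile(r"^(?P<src>.+?) -> (?P=src)\.(?P<ext>[A-Za-z0-9]{1,8})$")

# Suffixes that legitimate tools commonly append; ignored to cut false positives.
COMMON_SUFFIXES = {"bak", "tmp", "old", "orig"}

# Command lines that remove Volume Shadow Copies or disable Startup Repair.
RECOVERY_INHIBIT_RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("startup_repair_disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("startup_repair_disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]


def parse_event(line):
    """Split one constructed event line into its four fields."""
    ts, host, kind, detail = line.split("|", 3)
    return {"ts": ts, "host": host, "kind": kind, "detail": detail}


def detect(events, rename_threshold=5):
    """Return a list of (host, rule_name, evidence) tuples.

    Process events are matched against the recovery-inhibiting command
    patterns one by one. File renames are aggregated per (host, new
    extension) and alerted only once at least `rename_threshold` distinct
    files have been renamed to the same new extension, so a single
    unusual rename does not fire the rule.
    """
    alerts = []
    renames = defaultdict(set)  # (host, ext) -> set of renamed source paths
    for line in events:
        ev = parse_event(line)
        if ev["kind"] == "file_rename":
            m = APPENDED_EXT_RE.match(ev["detail"])
            if m and m.group("ext").lower() not in COMMON_SUFFIXES:
                renames[(ev["host"], m.group("ext"))].add(m.group("src"))
        elif ev["kind"] == "process":
            for name, rx in RECOVERY_INHIBIT_RULES:
                if rx.search(ev["detail"]):
                    alerts.append((ev["host"], name, ev["detail"]))
    for (host, ext), paths in renames.items():
        if len(paths) >= rename_threshold:
            alerts.append((host, "mass_rename_random_extension",
                           f"{len(paths)} files renamed to *.{ext}"))
    return alerts


if __name__ == "__main__":
    for host, rule, evidence in detect(SAMPLE_EVENTS):
        print(host, rule, evidence, sep=" | ")
```

Run against the constructed events, only WS01 produces alerts: one for the shadow copy deletion, one for Startup Repair being disabled, and one for five files renamed to the same random extension; WS02's ordinary rename and its read-only `vssadmin list shadows` are ignored. In practice the rename rule should be fed from file-system auditing and the process rule from process-creation logging (for example Sysmon Event ID 1), and the threshold tuned per environment; the recovery-inhibiting commands are rarely legitimate on a workstation, so those alerts deserve a high severity on their own.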
How to Try and Prevent an Attack
- Create back-ups of data on an external drive or in the cloud
- Ensure that updates are run on all computer systems and that appropriate patching is carried out
- Reinforce staff training so that they are aware of possible phishing attacks that might carry this ransomware
- Restrict the use of administrative tools to the IT team
- Disable macros in Microsoft Office products
The purchase of cyber insurance can help manage and mitigate the impact of this form of attack. Such a policy will provide coverage for the costs of investigating the attack, the cost of negotiating with the hackers and, if need be, the ransom itself.