What is Sodinokibi?
Sodinokibi, also known as Sodin and REvil, is part of a new wave of highly sophisticated ransomware designed to cause sizeable damage to IT infrastructure, forcing victims to settle the ransom quickly. The first iterations of Sodinokibi were designed to exploit an Oracle WebLogic vulnerability.
Who is behind Sodinokibi ransomware?
The department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on …
How does Sodinokibi ransomware spread?
Most of the time, Sodinokibi ransomware is spread by brute-force attacks and server exploits, but it’s also not uncommon to get infected through malicious links or phishing. Exploiting an Oracle WebLogic vulnerability and often bypassing antivirus software, REvil/Sodinokibi downloads a .
What is DoppelPaymer ransomware?
DoppelPaymer is ransomware-type malware designed to prevent victims from accessing their files by encrypting them. To regain access, victims are encouraged to pay cyber criminals a ransom. Research shows that criminals use DoppelPaymer in targeted attacks, that is, they target specific companies and/or industries.
What month and year did Sodinokibi ransomware first appear?
Sodinokibi was first spotted in April 2019, a few months before the GandCrab “retirement,” when Talos researchers discovered the ransomware infecting machines by exploiting the Oracle WebLogic Server vulnerability CVE-2019-2725.
Is Sodinokibi Russian?
REvil (Ransomware Evil; also known as Sodinokibi) is a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation.
How much did Kaseya pay the hackers?
A high-profile attack against Colonial Pipeline in May caused panicked fuel-buying and long lines at gas stations. Another attack, against meat supplier JBS, temporarily shut down meat plants across the United States. The company eventually paid hackers $11 million to restore its systems.
Who is netwalker?
Netwalker ransomware is a Windows-specific ransomware that encrypts and exfiltrates all of the data it breaches. After a successful attack, victims are presented with a ransom note demanding a bitcoin payment in exchange for full decryption of the compromised data.
Who is behind DoppelPaymer ransomware?
Evil Corp
These complications are due to a move by the U.S. Treasury Department in December 2019 to add Evil Corp, the cybercrime group behind DoppelPaymer, to a list of foreign-sanctioned entities.
How does Dridex malware work?
Dridex is a form of malware that targets its victim’s banking information. This malware will target Windows users by delivering spam email campaigns to fool individuals into opening an email attachment for a Word or Excel file.