Sodin Ransomware

A ransomware strain named Sodinokibi (also Sodin or REvil) is using a former Windows zero-day vulnerability to elevate itself to admin access on infected hosts. Unlike typical ransomware that requires a user’s involvement (for example, the victim would need to launch a file from a phishing letter), in this case, no user participation is needed.

The Sodin code was found to contain a “skeleton key” that works as a backdoor to the encryption process, allowing the malware creator to decrypt any file, regardless of the original public & private encryption keys used to lock a victim’s data. This type of mechanism suggests Sodin is being distributed via a ransomware-as-a-service (RaaS) scheme, rather than being directly distributed by its creator(s). Researchers found that most targets of this ransomware were found in the Asian region: 17.6 percent of attacks have been detected in Taiwan, 9.8 percent in Hong Kong and 8.8 percent in the Republic of Korea. Attacks have also been observed in Europe, North America and Latin America.

So how can you protect yourself from potential malware threats like Sodin? For a start, take seriously the storing of passwords for remote access to anything, and use two-factor authentication wherever possible. Of course, updating software remains a critical job. Security products with vulnerability assessment and patch management capabilities may help to automate these processes.

Worried about online threats jeopardizing your business?
Contact SCI today to learn more about our robust security offerings.

Read more: New ransomware that exploits Windows flaw identified