Ransomware Sodinokibi: The New and Improved Nemesis in Enterprise Cybersecurity


Ransomware is a term that refers to malicious software whose main intention is to limit the functions of a computer and hijack the information it contains.

In these cases the attacker demands payment in exchange for releasing the information held on the device; this is the main objective of the Sodinokibi ransomware.

This type of malicious program is used in many criminal schemes because it only needs a deceptive link in an email, instant message or website to install itself on the target and start the “hijacking”.

These threats are not new; in fact, they were among the first to appear with the arrival of the digital era. Their ease of implementation, compared with the amount of damage they cause, is what has made them increasingly popular.

So, given how old these threats are, shouldn’t we already be protected against them?

There are many tools that seek to improve the protection of individuals, companies and businesses against the various vulnerabilities that may arise, but it is also true that the threats are constantly improving in quality, effectiveness and speed.

Sodinokibi and Ransomware as a Service (RaaS): an affiliate program for cybercriminals

Hundreds of experts in the field of cybersecurity are trying to find a definitive solution to all the vulnerabilities of companies and businesses, but as those organizations grow, so does their attack surface, making it increasingly difficult for these tools to maintain the protection they originally promised to provide.

On the other hand, the cyber-criminal community did not remain passive in the face of these attempts to end its fraudulent business model. Instead, it went one step further and “imitated” what is normally done with any other product for which there is market demand.

This created what is now known as Ransomware as a Service.

In that sense, RaaS works like an ordinary affiliate program: a person on the deep web hires a pre-designed, and sometimes custom-made, ransomware service, which the customer can then use immediately without having to write the malware themselves.

The people who hire such a service even have access (as in an affiliate program) to a dashboard where they can observe, in real time, the status of any attack they have launched.

Finally, the Sodinokibi ransomware is one of the most harmful, effective and easily acquired pieces of malware thanks to this new fraudulent business model.

Effect of the RaaS model on cybersecurity in 2020

It allows anyone to carry out an attack without the need for technical knowledge.

The RaaS business model is so lucrative that the service is even advertised on the deep web.

The trend of attacks using this type of software has shifted from targeting the average citizen to companies and government organizations.

In most cases the computers are not released even after the payment is sent.

Growing popularity of Ransomware attacks: Why?

There are currently three main reasons why this particular type of attack is on the rise:

1. Higher ransom payments

In 2020 the main targets of these attacks have shifted from average citizens to large companies or government organizations.

Large companies hold far more valuable information than the average person keeps on their computer.

It is natural to expect that a company can pay a much higher ransom than the average citizen.

There are three recent cases of large companies affected by this type of malware: Visser, Epiq Global and Cognizant.


2. More vulnerable targets

Unfortunately, the defenses of many companies currently leave much to be desired.

For many businesses, investing in the cybersecurity of their infrastructure is not a priority, even though attacks and vulnerabilities are constantly increasing.

This creates a gap between the vulnerabilities that can be detected and those that actually get resolved as soon as possible.

This gap is exactly what the Sodinokibi ransomware and similar products exploit.


3. Boom in the cyber insurance market

Having insurance against adversity is always a sound strategy for any business.

However, although it may not seem so, this has caused the number of attacks to increase.

A company insured against cyber-attacks is more likely to pay the ransom, since the policy covers the payment.

One of the most prominent cases on this point occurred in Lake City, Florida, where the city government paid a $460,000 ransom to recover the hijacked information.


Ransomware Sodinokibi and the vulnerabilities it exploits

Among the latest and most dangerous ransomware families being marketed as RaaS is REvil, also known as Sodinokibi.

This software has affected around 500,000 companies worldwide since its appearance in 2019.

What makes the Sodinokibi ransomware so dangerous is the large number of attack vectors it uses, exploiting vulnerabilities such as the following:

CVE-2019-2725 with a CVSS score of 9.8
CVE-2019-0708 with a CVSS score of 9.8
CVE-2019-19781 with a CVSS score of 9.8
CVE-2018-8453 with a CVSS score of 7.8

Among the most prominent cases involving the Sodinokibi ransomware are the attack on BancoEstado and the attack on Telecom.

In the case of BancoEstado de Chile, the attack forced the bank to shut down its operations for a whole day.

Telecom did not see its operations interrupted; however, the attackers demanded a payment of $7.5 million to free its computers.

Prevention is better than regret

Unfortunately, there are many real cases of companies that believe they are immune to this type of attack and threat.

This leaves IT teams working with less suitable tools when the moment comes to solve a problem or address a vulnerability.

In addition, the current situation forces us to work from remote locations; in these cases the best thing you can do is to strengthen the security of your remote team.

