Blog

Ranstop stops Sodinokibi ransomware

Ransomware test subject – Sodinokibi

A very serious vulnerability (CVE-2019-2725), with a CVSS score of 9.8 (out of 10) affected a few versions of Oracle’s WebLogic servers. The vulnerability allowed the attackers to remotely download and execute malware – without authentication – like this ransomware, called Sodinokibi, affecting businesses and disrupting operations.

What this really means is that the cybercriminals don’t even have to bother to send you emails, fool you to click on links or to open attached documents. All they have to do is to find your vulnerable server and simply execute the malware on it. And that’s that. Your files are gone.

Fortunately, in this case, only a few versions of WebLogic were affected, and the vulnerability was patched a few days ago, so you better update your products as soon as possible.

This isn’t the only case of remote code execution vulnerability. There are many in even more products that we can count. They happen to be because of the complexity of IT ecosystems, even though software companies are doing absolutely everything they humanly can to avoid them.

Sodinokibi ransomware – test findings

The unfortunate part is that the cybercriminals exploiting this vulnerability happened to push ransomware, making the aftermath even more catastrophic.

Once executed on the attacked servers, it immediately starts encrypting important files. On our test machine, Sodinokibi encrypted most, but not all of our test files, and appended a new file extension with each run. This means that every time the ransomware executes, your files will be renamed differently. It will also delete shadow volume copies of files (these are backups automatically made by the operating system, if the feature is activated). The malware also makes it difficult to access Windows Startup Repair.

Once done, it will change the desktop wallpaper and drop a ransom note in each attacked folder. The ransom note contains a link and a code, which the user needs to paste into a tor webpage. Afterward, the price of recovery is returned. Because the cybercriminals target businesses, the price of recovery is steep, between $2500-$5000 in Bitcoins.

Sodinokibi ransomware vs Ranstop – test results

TEMASOFT Ranstop detects this version of Sodinokibi ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, and the malware process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose any important document.


Click here to watch TEMASOFT Ranstop blocking Sodinokibi ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


 
 

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023