Sodinokibi Ransomware Distributed by Hackers Posing as German BSI

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.

The mails are sent from the meldung @bsi-bund.org email address and, according to the BSI, the individuals targeted by this attack should not "open mails, links and attachments from this sender!" The official BSI email domain is bsi.bund.de according to CERT-Bund.

By using "Warnmeldung kompromittierter Benutzerdaten" as the subject line — which translates to "Warning message of compromised user data" — the attackers are trying to trick their targets into reacting to the bait out of curiosity and to open the infected attachments without giving it a second thought.

BleepingComputer independently tested and confirmed that the ZIP attachment delivered by this campaign will infect the targets after launching the Windows shortcut camouflaged as a PDF document within the archive.
Read more below:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top