silversurfer
The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.
The file-encrypting malware stepped into the limelight in April when it started to exploit a critical vulnerability in Oracle WebLogic.
Security researchers found that Sodinokibi, a.k.a. REvil, also exploits CVE-2018-8453, a vulnerability discovered and reported by Kaspersky and patched by Microsoft in October 2018.
Kaspersky uses the name Sodin to refer to this strain of ransomware, and its telemetry data shows detections in a small number of regions, most of them recorded in the Asia-Pacific region: Taiwan (17.56%), Hong Kong, and South Korea (8.78%). Other countries where Sodinokibi was detected are Japan (8.05%), Germany (8.05%), Italy (5.12%), Spain (4.88%), Vietnam (2.93%), the U.S. (2.44%), and Malaysia (2.20%).
Source: "Sodin ransomware exploits Windows vulnerability and processor architecture" (securelist.com)
"When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers."