SodinokibiA new threat has emerged, according to ESET surveys, targeting managed service providers (MSPs) and small and medium-sized enterprises worldwide.
This is Sodinokibi, a dangerous ransomware, which first appeared near the end of April 2019, peaked in June, and, by the end of the year, had hit mainly users in the United States, but also a wide range of targets worldwide.
Image: Sodinokibi scans by country
According to ESET researchers, the cybercriminals behind Sodinokibi seem to prefer to use automated tools, such as exploit kits or spam, to distribute their ransomware, rather than hacking into computers via the RDP protocol.
At this stage, if a company falls victim to Sodinokibi and is held for ransom, decryption is only possible using the hackers' keys. ESET's telemetry showed that the devices that were easiest for Sodinokibi to infect had software security files with wrong settings or updates were not done.
ESET urges MSPs and SMEs to review their defenses against ransomware and better understand the factors that can lead to infringement of their systems, initially applying the following basic steps:
___________________
• Take backups on a regular basis and keep at least one complete copy security of the most valuable data in an off-line environment.
• Update all software and applications - including operating systems.
• Use a reliable, multi-level security solution and make sure it is up to date.
• Check your networks for dangerous accounts using weak passwords accesss.
• Disable or uninstall any unnecessary services and software.
