Sodinokibi

A new threat has emerged, according to ESET surveys, targeting managed service providers (MSPs) and small and medium-sized enterprises worldwide.
This is Sodinokibi, a dangerous ransomware, which first appeared near the end of April 2019, peaked in June, and, by the end of the year, had hit mainly users in the United States, but also a wide range of targets worldwide.
According to ESET researchers, the cybercriminals behind Sodinokibi seem to prefer to use automated tools, such as exploit kits or spam, to distribute their ransomware, rather than hacking into computers via the RDP protocol.
At this stage, if a company falls victim to Sodinokibi and is held for ransom, it is not possible to reverse the encryption unless the hackers' keys are used. ESET's telemetry showed that the devices that were easiest for Sodinokibi to infect had misconfigured security software or hadn't been updated.
ESET urges MSPs and SMEs to test their defenses against ransomware and to better understand the factors that can lead to their systems being compromised by first implementing the following key steps:
• Back up on a regular basis and keep at least one full backup of your most valuable data in an offline environment.
• Update all software and applications – including operating systems.
• Use a reliable, multi-level security solution and make sure it is up to date.
• Check your networks for dangerous accounts that use weak passwords.
• Disable or uninstall any unnecessary services and software.