Sodinokibi: A new threat has emerged, according to ESET surveys, which targets companies that provide managed services (MSP) και μικρομεσαίες επιχειρήσεις σε όλο τον κόσμο.
This is Sodinokibi, a dangerous ransomware, which first appeared near the end of April 2019, peaked in June, and, by the end of the year, had hit mainly users in the United States, but also a wide range of targets worldwide.
Image: Sodinokibi scans by country
According to researchers της ESET, οι κυβερνοεγκληματίες πίσω από το Sodinokibi φαίνεται να προτιμούν να χρησιμοποιούν αυτοματοποιημένα εργαλεία, όπως exploit kit ή spam, για να διανείμουν το ransomware τους, παρά να παραβιάζουν υπολογιστές μέσω του πρωτοκόλλου RDP.
Στην παρούσα φάση, αν μία εταιρεία πέσει θύμα του Sodinokibi και της ζητηθούν ransom, δεν είναι δυνατή η αποκρυπτογράφηση παρά μόνο αν χρησιμοποιηθούν τα κλειδιά των χάκερ. Η τηλεμετρία της ESET έδειξε ότι οι συσκευές που ήταν πιο εύκολο να μολύνει το Sodinokibi, είχαν λογισμικό security with wrong settings or updates were not done.
ESET urges MSPs and SMEs to test their defenses against ransomware and to better understand the factors that can lead to their systems being compromised by first implementing the following key steps:
___________________
• Back up on a regular basis and keep at least one full backup of your most valuable data in an offline environment.
• Update all software and applications - including operating systems.
• Use a reliable, multi-level security solution and make sure it is up to date.
• Check your networks for dangerous accounts that use weak passwords.
• Disable or uninstall any unnecessary services and software.
