Sodinokibi: A new threat has emerged, according to ESET surveys, targeting managed service providers (MSPs) and small and medium-sized enterprises worldwide.
This is Sodinokibi, a dangerous ransomware, which first appeared near the end of April 2019, peaked in June, and, by the end of the year, had hit mainly users in the United States, but also a wide range of targets worldwide.
Image: Sodinokibi scans by country
According to ESET researchers, the cybercriminals behind Sodinokibi seem to prefer to use automated tools, such as exploit kits or spam, to distribute their ransomware, rather than hacking into computers via the RDP protocol.
Στην παρούσα φάση, αν μία εταιρεία πέσει θύμα του Sodinokibi και της ζητηθούν λύτρα, δεν είναι δυνατή η αποκρυπτογράφηση παρά μόνο αν χρησιμοποιηθούν τα κλειδιά των χάκερ. Η τηλεμετρία της ESET έδειξε ότι οι συσκευές που ήταν πιο εύκολο να μολύνει το Sodinokibi, είχαν software security files with wrong settings or updates were not done.
ESET urges MSPs and SMEs to review their defenses against ransomware and better understand the factors that can lead to infringement of their systems, initially applying the following basic steps:
___________________
• Λαμβάνετε backup σε τακτική βάση και διατηρήστε τουλάχιστον ένα πλήρες αντίγραφο ασφαλείας των πιο πολύτιμων data in an offline environment.
• Update all software and applications - including operating systems.
• Use a reliable, multi-level security solution and make sure it is up to date.
• Check your networks for dangerous accounts that use weak passwords.
• Disable or uninstall any unnecessary services and software.
