Sodinokibi: A new threat has emerged, according to ESET surveys, which targets companies that provide managed services (MSP) and small and medium enterprises around the world.
This is Sodinokibi, a dangerous ransomware, which first appeared near the end of April 2019, peaked in June, and, by the end of the year, had hit mainly users in the United States, but also a wide range of targets worldwide.
Image: Sodinokibi scans by country
According to ESET researchers, the cybercriminals behind Sodinokibi seem to prefer to use automated tools, such as exploit kits or spam, to distribute their ransomware, rather than hacking into computers via the RDP protocol.
Currently, if a company falls victim to Sodinokibi and is held for ransom, decryption is only possible using the keys of hacker. ESET's telemetry showed that the devices that were easiest for Sodinokibi to infect had security software with wrong settings or updates were not done.
ESET urges MSPs and SMEs to test their defenses against ransomware and to better understand the factors that can lead to their systems being compromised by first implementing the following key steps:
___________________
• Take backups on a regular basis and keep at least one full backup of the most valuable ones data in an offline environment.
• Ενημερώνετε όλο το λογισμικό και τις εφαρμογές - συμπεριλαμβανομένων των λειτουργικών συστημάτων.
• Χρησιμοποιήστε μια αξιόπιστη, πολυflat λύση ασφάλειας και βεβαιωθείτε ότι είναι ενημερωμένη.
• Check your networks for dangerous accounts that use weak passwords.
• Disable or uninstall any unnecessary services and software.
