‘Sodinokibi’ ransomware CERT issues Red Alert

By Darshana Sanjeewa Balasuriya

The Sri Lanka Computer Emergency Readiness Team (SLCERT) has issued a high threat warning regarding the onset of an advanced ransomware which targets the IT systems used by corporate entities and individuals worldwide.

‘Sodinokibi’, also known as ‘REvil’ is a name for a family of Advanced Ransomware. It encrypts (makes files and folders unreadable) important files in various formats and demands a ransom to decrypt (make files and folders readable) them.   

‘Sodinokibi’ ransomware first appeared in April 2019. The sole purpose of the ransomware is to encrypt files with a random extension and then demand a ransom to recover the files.   
According to the CERT, the attackers send a ransom note through a text (.txt) file and/or by a message that will appear on the victim’s computer screen. To decrypt data, attackers ask users to visit their website using one of the two links provided; one of which has to be opened using the Tor browser and the other with commonly used browsers. Victims have to provide the key and extension name included in the ransom message. The victim is then informed of the payment details and instructions to be followed.   
‘Sodinokibi’ has attacked a wide array of companies including Telecommunication service providers, Law Firms and IT Services causing service disruptions and information losses. Further, it has targeted celebrities and prominent individuals threatening to release their sensitive information online.   

The CERT advises users to refrain from downloading files from suspicious sources or click on suspicious links.   
“Do not download decryption tools from suspicious sources, regularly make multiple backups of data, and keep them offline and/or store off-site, increase the security of backup with additional ransomware protection software, update and install latest security patches on installed third party software, keep your virus guard and operating system up to date and monitor for latest malware infections and patterns, isolate the infected computers from the network and payment of ransom is not recommended since there is no guarantee that you will get your data back,” CERT said.   

• According to the CERT, the attackers send a ransom note through a text (.txt) file and/or by a message that will appear on the victim’s computer screen