New Ransomware: CERT issues high-level alert

24 May 2020 11:54 am - 1     - {{hitsCtrl.values.hits}}


There was a high-level threat as new threat of Ransomware could attack companies and individuals worldwide, the Computer Emergency Readiness Team (SLCERT) has warned.

While issuing a notice, the SLCERT said the ransomware Sodinokibi, also known as REvil is a name for a family of advanced Ransomware.

“It encrypts (makes files and folders unreadable) important files in various formats and demands a ransom to decrypt (make files and folders readable) them,” an official at the SLCERT said.

The said said the Sodinokibi was observed propagating itself by exploiting a vulnerability in Oracle WebLogic server (CVE-2019-2725).

Later, Cyber-criminal Groups have further propagated this ransomware through infected email attachments (macros), torrent websites, phishing or by spreading infected links through online advertisements etc.

It was first reported in Asia but it is now a worldwide threat, they said.

The attackers send a ransom note through a text (.txt) file and /or by a message that would appear on the victim’s computer screen. To decrypt data, attackers request users to visit their website using one of the two links provided; one of which has to be opened using the Tor browser and the other with commonly used browsers. Victims have to provide the key and extension name included in the ransom message. The victim is then informed of the payment details and instructions to be followed.

The Sodinokibi has attacked a wide array of companies including Telecommunication service providers, Law Firms and IT Services causing service disruptions and information losses.

Further, it has targeted celebrities and prominent individuals threatening to release their sensitive information online.

“After the attack, it will loss important files and documents of the victim company’s data. They could expose confidential information to unauthorized parties. They may result in a complete or partial shutdown of your company’s operations, they may damage your company’s reputation or create financial losses,” CERT said.

Therefore, the SLCERT request people not to download files from suspicious sources or click on suspicious links. Not to download decryption tools from suspicious sources.

“The CERT requests users to make multiple backups of data regularly, and keep them offline and/or store off-site,” it said.

“CERT requests to increase the security of backup with additional ransomware protection software and to update and install the latest security patches on installed third-party software,” the official said.

The users should aware of keeping their virus guards and operating systems up to date and to monitor the latest malware infections and patterns.

If any computer/s infected by the Sodinokibi attack it is better to isolate the infected computers from the network.

The payment of ransom is not recommended since there is no guarantee that you will get your data back, the SLCERT added. (Chaturanga Samarawickrama)

  Comments - 1

  • BigEars Sunday, 24 May 2020 01:05 PM

    Do not open or send attachments from unknown addresses. Sri Lankans are great at sharing with no creativity.

Add comment

Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Reply To:

Name - Reply Comment

Kenneth De Zilwa to head Central Bank’s FSSCC

Senior economist Dr. Kenneth De Zilwa has been invited to take over the Chair

New Parliament must comply with COVID-19 guidelines: Dr. Jasinghe

Parliament heads and Director General of Health Services Dr. Anil Jasinghe ye

Group of SJB members will join UNP after polls: Akila

A group of Samagi Jana Balawegaya (SJB) candidates will join the UNP after th

PC polls before end of this year: GL

The Provincial Council (PC) Elections which has been delayed for several year