
Rewterz Threat Alert – Sodinokibi Ransomware – Active IOCs

Severity

High

Analysis Summary

Sodinokibi ransomware usually infects victims' systems via Microsoft Office documents. After encryption, a ransom note is left on infected systems. The ransomware usually demands a ransom of $850k or $1.7m to decrypt the files on the target system. It has re-emerged after a few months; earlier campaigns date back to July and August 2020. Recently, a few samples of Sodinokibi were found being distributed.

Impact

  • File encryption
  • Information theft

Indicators of Compromise

MD5

  • 8535397007ecb56d666b666c3592c26d
  • a994cfba920bb87b9322aeda48282d11

SHA-256

  • aae6e388e774180bc3eb96dad5d5bfefd63d0eb7124d68b6991701936801f1c7
  • 8b15999cff808e9477d25bf0f839ac7c93fa4e62710fb6ae29d33787f1a05f12

SHA-1

  • 0912b7cecfbe82d6903a8a0dc421c285480e5caa
  • dcdade9e535ec79f839537e7ed38499d258020b3

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files attached to untrusted emails.