Rewterz Threat Alert – Sodinokibi Ransomware

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

August 24, 2021

Rewterz Threat Alert – APT32 Ocean Lotus – IOCs

August 24, 2021

Rewterz Threat Alert – Sodinokibi Ransomware – Active IOCs

Severity

High

Analysis Summary

Sodinokibi ransomware usually targets victims, infecting systems via Microsoft Office documents. After encryption, a ransom note is found on infected systems. The ransomware usually demands a ransom of $850k or $1.7m for decrypting the files on the target system. The ransomware has re-emerged in cyberspace after a few months, earlier campaigns dating back to July and August 2020. Recently, few samples of Sodinokibi were found being distributed.

Impact

Files encryption
Information theft

Indicators of Compromise

MD5

2075566e7855679d66705741dabe82b4

SHA-256

12d8bfa1aeb557c146b98f069f3456cc8392863a2f4ad938722cd7ca1a773b39

SHA-1

136443e2746558b403ae6fc9d9b40bfa92b23420

Remediation

Block the threat indicators at their respective controls.
Do not download files attached in untrusted emails.