Ransomware found exploiting older Windows flaw

Sodinokibi is a ransomware family that is spreading aggressively, with the intention of filling the void left by GandCrab, which recently shut down after wreaking havoc for more than a year. The ransomware also goes by the name REvil, and it has already appeared in several versions. Researchers at Kaspersky Lab found that it uses older Windows flaws to attack new computers. It exploits Windows vulnerabilities and takes advantage of the CPU architecture to avoid detection. This is very rare; such functionality is not normally seen in ransomware.

Fedor Sinitsyn, a security researcher at Kaspersky Lab, said: “Ransomware is a very popular type of malware, yet it’s not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors”. He added that there is also a risk of a rise in the number of attacks, as those who invest in this kind of malware expect bigger payouts.

According to Kaspersky, attacks have been seen in Europe, North America and Latin America. The ransomware leaves a ransom note demanding $2500 USD in Bitcoin for the decryption key that can unlock the encrypted files. Each computer is locked with a different private key, which makes every decryption key unique, so a duplicate key will not unlock your data.

CVE-2018-8453, the vulnerability that Sodinokibi was exploiting to attack Windows PCs, is now patched. Update your operating system and other software regularly to avoid this kind of malware attack. Always use official websites to update your software, because fake software updates can bring more threats. Use a strong anti-virus program, scan every email attachment before opening it, and do not download free or cracked software. You should also create a restore point before installing any major update, because sometimes an update such as KB4507453 causes a reboot-notification loop, which can be even more disruptive.