
Ransomware as a Service (RaaS)

Ransomware is big business and Sodinokibi is in the news again. If you have not heard of it then here is a bit of background:

Back in April 2019 the team at Cisco Talos wrote a blog on attacks against Oracle WebLogic exploiting a vulnerability that was patched and assigned CVE-2019-2725.

Now the worrying part of this is that an underground recruitment scheme was started to attract blackhats to join the distribution network. The ads encouraged signup with a share of proceeds starting at 60 percent increasing to 70 percent after the first three ransom payments.

The campaign appears to be successful, with the operators behind Sodinokibi ransomware claiming to have in their possession 70,000 financial and work documents as well as 60,000 customer data records belonging to the US fashion house Kenneth Cole. They published part of the data, threatening to release all of it if the fashion house refuses to pay the ransom.

Travelex has also been reported as another victim of Sodinokibi, along with many other less high-profile victims.

It has also been reported that hacking competitions with prizes of $15K for proof of exploits are being offered!

With the stakes so high it is important to have a plan, just in case.

  • Only use genuine software from trusted sources. This sounds obvious, but the simplest method the bad guys use is exploiting hooky (pirated) software/apps.

  • Use commercial-grade antivirus: free antivirus has basic functionality and is unlikely to protect you, and in some cases has been found to spy on your activity!

  • Detection in corporate networks is critical, so consider deploying MDR/XDR; we would recommend our Overwatch solution.

  • Make sure you have backups, and make sure you regularly test them by restoring files. If you don't test your restores, you will never know whether they are working correctly!

  • Never pay without first checking whether you can recover your files. Sites such as No More Ransom offer free advice and tools to recover from attacks.

  • Last but not least, 'have a plan'. Once you've read this, sit down and draft a response plan for dealing with an attack. Work out your weak points and address them, and run a simulation to see if your plan works.


© 2020 by WSD (West Sealand Digital Limited)