What is Sodinokibi Ransomware?

A quick summary on nasty Sodinokibi ransomware

Sodinokibi (source: malwarebytes.com)

Encryption message by attackers (source: malwarebytes.com)

• It exploits an Oracle WebLogic Server vulnerability [CVE-2019–2725]
• It targets Windows systems [Malwarebytes]
• Attackers are associated with GradCrab ransomware family
• It uses AES and Salasa20 encryption algorithms
• Also known as REvil and Sodin
• IOCs (File Hashes) related to Sodinokibi:
  f0a16b0224a24647e9e8cf2f6f4479d93c8fb540a7ca656023a41f399e6c69c2
  963e31fef7c8db9e002c56ee30fd3cd4b240db466bc23687979e2f161ba5606e
  e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec
• Take a deep dive on this ransomware at acronis.com