What is Sodinokibi Ransomware?

A quick summary of the nasty Sodinokibi ransomware

Sodinokibi (source: malwarebytes.com)
Encryption message by attackers (source: malwarebytes.com)
  • It exploits an Oracle WebLogic Server vulnerability [CVE-2019-2725]
  • It targets Windows systems [Malwarebytes]
  • The attackers are associated with the GandCrab ransomware family
  • It uses the AES and Salsa20 encryption algorithms
  • Also known as REvil and Sodin
  • IOCs (File Hashes) related to Sodinokibi:
  • Take a deep dive on this ransomware at acronis.com