What is Sodinokibi Ransomware?

A quick summary of the nasty Sodinokibi ransomware

[Image: Sodinokibi (source: malwarebytes.com)]
[Image: Encryption message by attackers (source: malwarebytes.com)]
  • It exploits an Oracle WebLogic Server vulnerability [CVE-2019-2725]
  • It targets Windows systems [Malwarebytes]
  • Attackers are associated with the GandCrab ransomware family
  • It uses the AES and Salsa20 encryption algorithms
  • Also known as REvil and Sodin
  • IOCs (SHA-256 file hashes) related to Sodinokibi:
    f0a16b0224a24647e9e8cf2f6f4479d93c8fb540a7ca656023a41f399e6c69c2
    963e31fef7c8db9e002c56ee30fd3cd4b240db466bc23687979e2f161ba5606e
    e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec
  • Take a deep dive into this ransomware at acronis.com
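A small defender-side check using the three SHA-256 IOCs listed above: it walks a directory tree, hashes every file in chunks (so large files do not get loaded into memory), and reports any file whose digest matches the list. This is an added example and not code from the original post or from Malwarebytes/Acronis; the function and parameter names are my own.

```python
import hashlib
import sys
from pathlib import Path

# SHA-256 indicators for Sodinokibi, copied from the list above.
SODINOKIBI_SHA256 = {
    "f0a16b0224a24647e9e8cf2f6f4479d93c8fb540a7ca656023a41f399e6c69c2",
    "963e31fef7c8db9e002c56ee30fd3cd4b240db466bc23687979e2f161ba5606e",
    "e5d23a3bb61b99e227bb8cbfc0e7f1e40fea34aac4dcb80acc925cfd7e3d18ec",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Return the lowercase hex SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, iocs=SODINOKIBI_SHA256):
    """Hash every regular file under `root` and return a list of
    (path, sha256) tuples for files whose digest is in `iocs`.

    Unreadable files (permission errors, vanished files) are skipped so
    that one bad entry does not abort the whole scan."""
    wanted = {h.strip().lower() for h in iocs}
    matches = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digest = sha256_of_file(path)
        except OSError:
            continue
        if digest in wanted:
            matches.append((str(path), digest))
    return matches


if __name__ == "__main__":
    # Usage: python ioc_scan.py <directory>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = scan_directory(target)
    for file_path, file_hash in hits:
        print(f"MATCH {file_hash} {file_path}")
    print(f"{len(hits)} matching file(s) under {target}")
```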