«SODINOKIBI»
a new threat on the ransomware scene

The still-young encryption Trojan has only been on the market since the end of April; since then it has climbed steeply and is now said to be one of the most common ransomware strains, causing significant damage.

The special threat: compared to previous Trojans, "SODINOKIBI" stays in the background. Often unnoticed by local antivirus software, it acts as a "sleeper", spying out access credentials, passwords and shares in the local network.
By the time the infection visibly breaks out, the Trojan has usually been in your network for a long time and has thus also infected the important backups, rendering them worthless. Backup disks (NAS) are also affected.
After that, the blackmailers, acting with high criminal energy, demand a lot of money. But there is no guarantee of decryption.

This dynamic is what makes the Trojan so dangerous, and it is currently causing many IT security providers to lose sleep. All current security strategies are under scrutiny; new structures and monitoring processes need to be established.

Possible distribution tactics

  1. Critical Windows Vulnerabilities
    According to a press release from the BSI (the German national cybersecurity authority), Microsoft has published serious vulnerabilities in Remote Desktop Services (RDS) for its Windows operating system. At least two of them are wormable. What this means: the attackers randomly generate username and password combinations and try to find working RDP access to your network. → PC CADDIE://online has installed the new Windows patches for all Netwatch customers as protection, and at the same time monitors RDP attacks in the cloud installation.
    Startling: one customer's server has received 500 RDP attack attempts in the last 48 hours.

  2. SPAM campaigns and advertising emails
    The Trojan can also arrive via phishing emails: messages with hidden malicious code that masquerade as important messages from known customers or business partners. The emails are tailored precisely to the target group, for example applications sent to human resources officers or reminders sent to accounting departments. One wrong click, and the attackers are in the system.

Fast data protection is now important

The BSI advises all Windows users to install the provided updates immediately.
As a protective measure, the PC CADDIE://online IT administrators recommend that their customers mirror their data completely in the PC CADDIE://online Cloud, in addition to the local backup. At the moment this is the only alternative for accessing the data after such criminal encryption.
› PC CADDIE://online Newsletter | Threat of the latest generation of crypto-malware (in German)
We would like to ask all golf clubs and golf companies that have commissioned their own IT service provider with their data protection to inquire as quickly as possible how they are prepared for such attacks.

Please stay alert!
Our IT administrators are available for any questions you might have; just send us a message at support (at) pccaddie-online.de.

Our sources with information on how to protect yourself (in German):
› https://www.heise.de/security/meldung/Sodinokibi-aka-REvil-der-neue-Shooting-Star-der-Ransomware-Szene-4483691.html (last accessed on 16.08.2019)
› https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/DejaBlue-Schwachstelle_140819.html (last accessed on 16.08.2019)
› https://www.heise.de/security/meldung/Emotet-bei-Heise-Fachgespraech-zum-Schutz-vor-Cybercrime-4476253.html (last accessed on 16.08.2019)
› https://www.sueddeutsche.de/digital/ransomware-service-sodinokibi-1.4554518 (last accessed on 16.08.2019)

PC CADDIE AG
Bachtelweg 3
6048 Horw/Luzern
Switzerland

Phone +41 41 5110600
Fax +41 41 5110699
email info (at) pccaddie.com

Support in Germany
Phone +49 2642 9854110
Fax +49 2642 9854199
email support (at) pccaddie.com 

Daily support hours
April-October 9 am - 8 pm
November-March 9 am - 6 pm

Remote Support

Contractual partner

PC CADDIE Service GmbH
Marktstrasse 45-47
53424 Remagen
Germany

Phone +49 2642 9854110
Fax +49 2642 9854199
email info (at) pccaddie.com


PC CADDIE://online
GmbH & Co. KG

Stubber Weg 39
23847 Pölitz
Germany

Phone +49 2642 9854120
Fax +49 2642 9854169
email info (at) pccaddie-online.de

Support in Austria
Phone +43 1 355667788
Fax +43 1 355667799
email support (at) pccaddie.at

Contractual partner

PC CADDIE GmbH
Rudolf-von-Alt-Platz 1
1030 Vienna
Austria

Phone +43 13 55667788
Fax +43 13 55667799
email info (at) pccaddie.at


Support in Switzerland
Phone +41 41 5110600
Fax +41 41 5110699
email support (at) pccaddie.com
