[ June 03, 2019 ]
A malspam campaign targeting potential German victims is actively distributing Sodinokibi ransomware via spam emails with malicious attachments that pose as foreclosure notifications.
After the Sodinokibi ransomware is executed, it runs commands to disable Windows startup repair and to delete shadow volume copies.
The ransomware will then encrypt the victim’s files using a random extension unique for each infected machine.
In every folder it scans for files, the malware also creates a ransom note named in the format [extension]-HOW-TO-DECRYPT.txt; each note contains unique keys and links to the payment site.
When victims visit the attacker’s payment site, they will be asked to enter their unique extension and key.
After submitting the required information, they will get access to a page which displays the ransom amount — $2500 worth of Bitcoin or $5000 after the two-day timer expires — and the Bitcoin address that should be used to make the payment.
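For responders, the note naming format described above gives a simple triage signal. The following is an added example, not code from the original article: it takes a file listing from a suspect Windows host, finds notes matching [extension]-HOW-TO-DECRYPT.txt, and counts the files carrying that extension. It assumes the random extension is alphanumeric and is appended as the final suffix of each encrypted file; the function name and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Note name format from the article: [extension]-HOW-TO-DECRYPT.txt
# Assumption: the per-machine extension is alphanumeric.
NOTE_RE = re.compile(r"^(?P<ext>[A-Za-z0-9]+)-HOW-TO-DECRYPT\.txt$", re.IGNORECASE)

def triage(paths):
    """Return {extension: {"note_dirs": set, "encrypted": list}} for a file listing."""
    parsed = [PureWindowsPath(p) for p in paths]
    hits = defaultdict(lambda: {"note_dirs": set(), "encrypted": []})

    # Pass 1: ransom notes reveal the per-machine extension and the affected folders.
    for p in parsed:
        m = NOTE_RE.match(p.name)
        if m:
            hits[m.group("ext").lower()]["note_dirs"].add(str(p.parent))

    # Pass 2: files whose final suffix equals a discovered extension
    # (assumption: the extension is appended to the original file name).
    for p in parsed:
        ext = p.suffix.lstrip(".").lower()
        if ext in hits and not NOTE_RE.match(p.name):
            hits[ext]["encrypted"].append(str(p))
    return dict(hits)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\anna\Documents\q7x2k9-HOW-TO-DECRYPT.txt",
    r"C:\Users\anna\Documents\invoice.docx.q7x2k9",
    r"C:\Users\anna\Documents\report.xlsx.q7x2k9",
    r"C:\Users\anna\Pictures\q7x2k9-HOW-TO-DECRYPT.txt",
    r"C:\Users\anna\Pictures\photo.jpg.Q7X2K9",
    r"C:\Users\anna\Desktop\HOW-TO-DECRYPT.txt",  # no extension prefix: ignored
    r"C:\Users\anna\Desktop\notes.txt",
]

if __name__ == "__main__":
    for ext, info in triage(SAMPLE).items():
        print(f"extension .{ext}: {len(info['encrypted'])} encrypted file(s), "
              f"notes in {len(info['note_dirs'])} folder(s)")
        for d in sorted(info["note_dirs"]):
            print("  note folder:", d)
```
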
Cyber Security Tips:
Never be fooled into paying the ransom, as the hackers might come back and demand more. Also, there is no guarantee that your files or data will be returned safely.