Sodinokibi Ransomware Pushed via Foreclosure Warning Spam

[ June 03, 2019 ]

A malspam campaign targeting potential German victims is actively distributing Sodinokibi ransomware via spam emails disguised as foreclosure notifications with malicious attachments which pose as foreclosure notifications.

After the Sodinokibi Ransomware is executed, it will run the commands to disable Windows startup repair and to delete shadow volume copies.

The ransomware will then encrypt the victim’s files using a random extension unique for each infected machine.

For all scanned folders scanned for files, the malware will also create ransom notes named in the format [extension]-HOW-TO-DECRYPT.txt, with the ransom notes containing unique keys and links to the payment site.

When victims visit the attacker’s payments site, they will be asked to enter their unique extension and key.

After submitting the required information, they will get access to a page which displays the ransom amount — $2500 worth of Bitcoin or $5000 after the two-day timer expires — and the Bitcoin address that should be used to make the payment.

Cyber Security Tips :

Never be fooled into paying the ransom, as the hackers might come back and demand more. Also, there is no guarantee that your files or data will be returned safely.



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at

Up ↑

%d bloggers like this: