Since the discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit.

Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging the Microsoft Windows vssadmin.exe utility to delete any "shadow copies." When first uncovered by researchers at Cisco's Talos division, it was observed spreading via a remotely exploitable vulnerability in the Oracle WebLogic Server.

But in the ensuing two months, Sodinokibi affiliates began spreading the ransomware in a wide variety of ways. Just last week, ZDNet reported that attackers were compromising managed service providers to attack their clients with the ransomware via a supply chain attack.
