Bryson Blog

What is Sodinokibi Ransomware?

No company can eliminate the risk of being hacked, not even the CEO of Amazon. Do what you can to mitigate cyber risk while also ensuring your organization considers cyber risk transfer seriously too.

Here is a common statement you may hear expressed from an executive at a company actively focusing on cyber risk mitigation:

“We have a good data back-up and recovery program in place. Our employee cyber awareness training is going smoothly, no one is clicking on our faux-phishing campaigns. At the end of the day, ransomware only encrypts files locally. Even if we do fall victim we can get things back up and running quickly… we can finally take a deep breath and relax…”

News Alert: Sodinokibi ransomware sneaked through a backdoor of a third-party software stealing sensitive client data from a corporate victim. The criminal hackers are now holding the corporate victim's data hostage. The hackers are demanding a significant ransom payment. The hackers are threatening to release the sensitive data publicly stating ‘pay us because it will be 5 times worse suffering penalties enforced by the regulators’.

Sodinokiwhat?!

Welcome to the next phase of ransomware. From the linked article: "The authors behind Sodinokibi ransomware were threatening companies for the past one month to make the stolen files public if victims don’t pay the demanded ransom."

What is Sodinokibi ransomware?

It is a script that doesn’t require any human misstep to successfully breach and transfer a company’s most sensitive data. This code exploits a vulnerability with Oracle software and automatically injects itself into the terminal. Unlike traditional ransomware that only creates a local cryptolocker (local encryption of files), this ransomware sends copies of the files directly to the hackers. hack thief

This ransomware is akin to that swift museum thief that sneaks in and out of a building completely undetected with a valuable artifact in hand.

If the thief then shares photos of that artifact on public forms and further threatens to ruin the reputation of the museum, by publicly sharing details how the lack of care the museum takes in protecting their entrusted assets, then it may sound like something aligned with what these hackers are chatting about in public forms:

Ranswomare

Today an Oracle software vulnerability, tomorrow what?

Since the Oracle software vulnerability, we have already witnessed a exploit in Internet Explorer reaping havoc and the phone of Jeff Bazos, CEO of Amazon, was hacked by a Saudi Prince (for real).

Being okay with not being able to fully eliminate cyber risk at your company.

The cyber landscape is like the Wild West. We need to utilize technology to effectively operate our business, but we have no idea what is going to be hijacked next. This is not intended to scare you, it’s just the reality we live in right now.

We care about businesses staying in business because businesses are essential to building a great community and society. There is a good chance the corporate victims of the Sodinokibi ransomware will struggle to remain in business. If they do stay in business this attack has crippled their future.

We strongly encourage you to have a conversation with us. In the cyber risk conversation, we are the risk transfer specialists. Our goal is to ensure your business continues to thrive when the unexpected occurs. We naturally work with you to explore your current business practices and often highlight quick wins to enhance your risk mitigation plan as well.

It is important to have a professional cyber risk mitigation team. See if we fit on your team as your cyber risk transfer specialists.

Kyle Paterson

Written by Kyle Paterson

Kyle has a belief that insurance is a tool to leverage the best ensures the vision of business leaders and families are realized. Kyle focuses on cyber risk transfer, group benefits, and corporate and individual life insurance solutions.