Relatively new on the ransomware scene, Sodinokibi has already made impressive profits for its administrators and affiliates, some victims paying as much as $240,000, while a network infection netted $150,000 on average. These figures are not surprising when you look at the malware's recent activity.

On August 16, Sodinokibi hit 22 local administrations in Texas and demanded a collective ransom of $2.5 million. It compromised multiple MSPs (managed service providers), spreading the malware to their customers. The latest victim is another MSP that offers data backup service to dental practices. The ransom, in this case, is allegedly $5,000 per client; hundreds were impacted.

Since its discovery in April, Sodinokibi (a.k.a. REvil) has become prolific and quickly gained a reputation among cybercriminals in the ransomware business and security researchers. In mid-May, a Sodinokibi advertiser using the forum name UNKN deposited over $100,000 on underground forums to show that they meant serious business. Advertisements for the new file-encrypting malware started in early July on at least two forums. UNKN said that they were looking to expand their activity and that it was a private operation with "limited number of seats" available for experienced individuals.

A screenshot of the announcement, provided to BleepingComputer by malware researcher Damian, shows that UNKN describes the malware as being "private ransomware" flexible enough to adapt to the RaaS business model. The name of the ransomware is not disclosed in the forum posts, but the researcher told us that he saw screenshots of the malware's administrative panel showing bot IDs that look the same as those for Sodinokibi. As seen in the screenshot below, one victim paid 27.7 bitcoins, which converted to more than $220,000 at the time of the transaction.