Top security firm- Kaspersky recently discovered a new ransomware that seemingly targets a known Windows flaw to get elevated privileges. Encryption Ransomware Sodin as the ransomware has come to be known, takes advantage of the architecture of the CPU to avoid anyone from discovering it. This is something that is not commonly seen in ransomware.
A top Security researcher up at Kaspersky also said that it’s not everyday that they get to see ransomware that was so elaborate and sophisticated. As mentioned earlier the whole using – of – CPU Architecture – to – avoid – detection is not something that encryptors normally do.
Number of Attacks Expected with Encryption Ransomware Sodin:
Experts expect a rise in the number of attacks involving ransomware- sodin. They say this as it is an extremely sophisticated system that involves a lot of resources to create. No encryptor is going to go to all that trouble and money, not to mention, to create a ransomware without any chances of a huge pay off.
Areas Targeted by the Ransomware- Sodin:
This ransomware has targeted many countries of the world with a spat of the ransomware being seen in Asia. Countries such as Taiwan have been detected with 17.6% of the total attacks and with a 9.8% in Honk Kong. Add to that an 8.8% in the Republic of Korea, and the total comes up to 36.2% in Asia alone. These are just those figures that have been discovered at present.
Asia is not the only the continent to be affected too. Europe, America and Latin America have also reported cases of Sodin.
Besides simply affecting the system, victims were also to pay up $2500 worth of Bitcoin to free up their systems from the control of Sodin.
More about Sodin:
There was an earlier vulnerability known as CVE-2018-8453 which was used by a hacking group known as FruityArmor. However, this vulnerability was patched on the 10th of October 2018. It was this vulnerability that is used by Sodin to gain control of a user’s PC.
How to Avoid Getting in the grasps of this ransomware:
To ensure that you don’t fall a prey to the ransomware- Sodin, make sure you’ve got the latest in software updates on your PC.
Kaspersky researchers also said that by having security products that made regular assessments on vulnerabilities as well as giving patches would help solve problems such as these.
CyberArk have tested Sodin and have found that it can’t get through to Endpoint Privilege Manager’s feature set. The set is a combination of least privileges, application control policies on end point and servers and credential theft protection. CyberArk has tested millions of samples of various ransomware to better understand the infection and how to remove it.
Based on this research, the system is able to identify all known ransomware. For those that it does not have any prior knowledge about, it marks as suspicious and protects information accordingly.
This means that if one end point becomes infected the rest are protected from an organised attack.
