The notorious Sodinokibi ransomware has hit New York airport's administrative servers, encrypting files containing a range of administrative documents and archived data. According to airport staff, the cyber-attack did not affect any airline or TSA server.
Likewise, customers' financial and personal data escaped the encryption, and the airport's operations were not impacted in any way. Sodinokibi ransomware has been in the news lately after it was reported to have attacked a number of firms, including the Travelex foreign currency exchange, taking its servers offline and affecting other businesses as well. The attackers have even threatened to release the stolen data if Travelex does not pay the ransom.
Image Source: www.snetconnect.com
On Christmas Eve, this potent malware was launched against the New York airport, infiltrating the system through the maintenance server of the managed service provider, LogicalNet. The Sodinokibi ransomware spread quickly through the network of Albany County Airport Authority and even affected the backup servers. The hackers behind the attack allegedly demanded a ransom, which the authorities paid, thanks to the airport's insurer. It was reported that the $25,000 deductible is to be recovered from LogicalNet.
The Sodinokibi hackers have a track record of releasing obtained files to the public, or possibly on the dark web, if the ransom payment is not made within the given time.
Recently, the Sodinokibi attackers made good on their warning to release the files of companies that refused to pay their ransom. They did share a link leading to a Russian hacker and malware forum, and it contained 337MB of stolen data. The released data was said to belong to Artech Information Systems. They further stated that the released data is only part of what was stolen, and that if the ransom is not paid they will sell all of the information, including financial information, to third parties.
The operators of this ransomware have that track record, and considering that the backup servers of the New York airport were affected, the authorities had no option but to comply with the demand.
The airport CEO Philip Calderone commended the effort of the IT department in helping to control the situation so that no passenger information was accessed during a very busy travel period. This was after he revealed that the airport's relationship with LogicalNet had been terminated. They investigated the incident with the FBI, the New York State Cyber Command, and ABS Solutions, which helped their administrative functions resume and their systems return to normal within a few hours of the attack.
Image Source: www.ibtimes.com
Synoptek, a provider of IT management and cloud hosting services based in California, was also hit by the Sodinokibi ransomware, forcing it to pay a ransom on stolen data to obtain the decryption key. This firm reportedly has about 1,100 customers in various industries, ranging from local government to retail and software. Sodinokibi ransomware has claimed many victims recently, and its operators are expected to go after more companies in the days ahead. Based on its previous attacks and demands, the hackers are mainly interested in ransom, as their primary objective is to encrypt files.
According to a source, the cybercriminals have designed the ransomware to display a ransom message in a file, including the encryption key, once the encryption process is complete. The file contains instructions on how to pay the ransom, which mostly start by asking victims to click on a link provided in the message. One of the provided links can be opened using a Tor browser, while the other can be opened with a normal browser such as Chrome or Firefox. Victims typically enter these websites using a code provided in the ransom message.
Based on analyzed incidents, victims are mainly asked to pay $2,500 to a provided BTC address in order to download the decryption tool, while the attackers threaten to sell the stolen data. If payment is not made within two days, the victims are required to pay double the amount, which is $5,000. Victims are advised not to pay the requested ransoms, as the actors behind the Sodinokibi ransomware mostly do not honor their promise to provide the decryption key after the ransom is paid. They scam victims all the time.
The Sodinokibi ransomware proliferates through dubious software download sources, spam campaigns, software cracking tools, trojans, and fake software updaters. The operators distribute this ransomware through fake emails that trick targets into opening an attached malicious file, most often a Microsoft Office document, a PDF file, or similar. Once opened, the malware is installed on the target's system. The easiest and most secure way to protect yourself from the Sodinokibi ransomware is to avoid opening emails or links from untrusted sources.
Source: Bleeping Computer
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for general purposes only and is not intended to promote or support the purchase and/or sale of any products or services, or to serve as a recommendation to do so. Neither Darkweblink.com nor any member is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by or in relation to reliance on or use of any content, goods or services mentioned in this article.