
SODINOKIBI IS SOMETHING TO WORRY ABOUT

DAIVIK PARMAR (146440)


CONCORDIA UNIVERSITY OF EDMONTON
IT – 201
PROFESSOR: DR. APOORVA CHAUHAN
WHAT REALLY IS SODINOKIBI?
• Sodinokibi is malware from the ransomware family, which has frequently been used
to take many essential server systems or portals down.
• Sodinokibi targets all the files on the user's local drive. Targeted files have the
extensions .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf,
.cpp, .cs, .h, .php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.
• Sodinokibi and brute-force attacks work hand in hand.
HOW DOES SODINOKIBI GET INTO A SECURE SYSTEM?

• This malware analyzes all the open ports on a device, server, or network. The open
port most used by Sodinokibi is the "3389" remote desktop port.
• Once an open port is discovered, Sodinokibi's code-injected packets are sent into the
device through that port, and in less than 3 minutes the user's entire PC is encrypted.
• As soon as the device is affected, a ransom note appears on the screen asking the
victim to pay the ransom in bitcoin or another cryptocurrency; once the ransom has
been paid, the attackers send the decryptor.
• No antivirus software or firewalls can prevent Sodinokibi. Sodinokibi ransomware
attacks are limited to Windows-based devices.
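The brute-force stage described above leaves a trace that a defender can look for before any encryption starts: bursts of failed remote desktop logons from one source. The following is an added example, not code from this presentation or from any product named on it. It runs a sliding-window detector over constructed Windows Security log lines (Event ID 4625 is a failed logon, 4624 a successful one, and logon type 10 is RDP); the pipe-separated line format, the threshold and window, and the IP addresses are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real telemetry): "timestamp|event_id|logon_type|account|source_ip".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2023-05-01T02:00:01|4625|10|administrator|203.0.113.5
2023-05-01T02:00:04|4625|10|admin|203.0.113.5
2023-05-01T02:00:07|4625|10|backup|203.0.113.5
2023-05-01T02:00:10|4625|10|administrator|203.0.113.5
2023-05-01T02:00:13|4625|10|sysadmin|203.0.113.5
2023-05-01T02:00:40|4624|10|administrator|203.0.113.5
2023-05-01T09:15:00|4625|10|jdoe|198.51.100.7
2023-05-01T09:15:30|4624|10|jdoe|198.51.100.7
"""
FAILED_LOGON, SUCCESS_LOGON, RDP_LOGON_TYPE = 4625, 4624, 10

def parse_log(text):
    """Turn the pipe-separated sample lines into event dicts."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, account, ip = line.split("|")
            events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                           "logon_type": int(logon_type), "account": account, "ip": ip})
    return events

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding time window,
    noting the accounts tried and whether a successful RDP logon from that IP followed."""
    rdp_by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == RDP_LOGON_TYPE:
            rdp_by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in rdp_by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["event_id"] == FAILED_LOGON]
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1  # slide the window past failures that are too old to count
            if end - start + 1 >= threshold:
                burst_end = fails[end]["ts"]
                findings[ip] = {"failures": len(fails),
                                "accounts": sorted({e["account"] for e in fails}),
                                "success_after": any(e["event_id"] == SUCCESS_LOGON
                                                     and e["ts"] > burst_end for e in evs)}
                break  # one finding per IP is enough to raise the alert
    return findings
```

A finding with `success_after` set is the case to act on first, since it means the guessing burst was followed by a login from the same source.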
WAYS TO PREVENT SODINOKIBI
(1) Intrusion prevention system (IPS): An intrusion prevention system is a network security
tool, either hardware or software, that continuously monitors a network and all the devices
connected to it for any ongoing suspicious or malicious activity. Once any such activity is
detected, it immediately shuts off the device's internet connection and cuts it off from the
server so the malware cannot spread any further.
(2) Endpoint detection and remediation system (EDRS): EDRS detects malware at the
endpoint, at the operating system level; any sort of manipulation or data theft is
automatically obstructed. Even threats whose origin cannot be attributed to a file are detected.
(3) Backing up data on the cloud: Regularly taking backups on cloud storage helps you
prevent the loss of data. Examples:
(i) Microsoft Azure
(ii) Oracle
(iii) PureStorage
ARE YOU AWARE OF ANY RECENT RANSOMWARE?

Colonial Pipeline ransomware attack

NVIDIA ransomware attack

Any Questions?
WORKS CITED

• https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know
• https://www.malwarebytes.com/blog/detections/ransom-sodinokibi
• https://www.forcepoint.com/cyber-edu/intrusion-prevention-system-ips
• https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/
THANK YOU