Monday, January 25, 21:42

Tools and tactics used by Sodinokibi Ransomware operators

McAfee researchers set out to study the tools and tactics used by the attackers behind Sodinokibi ransomware to infect their victims' systems. For this purpose they built a network of honeypots.

The attackers behind the ransomware are divided into groups with different names, which makes it possible to tell which group compromised a victim's system and which group should be paid.

This separation into groups helped the researchers monitor their behavior and understand how they attacked victims and spread across the network.

Monitoring criminals

McAfee's research team used a worldwide network of Remote Desktop Protocol (RDP) honeypots to monitor the activities of the three groups.

The teams behind Sodinokibi Ransomware are named Group 1, affiliate #34, and affiliate #19. All three groups first breached the systems via RDP and then tried to breach the rest of the network.

Researchers noted that all three groups tried to gain access to the rest of the network, using port-scanning tools to find reachable RDP servers. They then used the brute-forcing tool NLBrute RDP to gain access to those servers.
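The initial-access pattern described above, an RDP brute force that eventually succeeds, leaves a recognisable trace in Windows Security logs: a burst of failed logons (Event ID 4625, logon type 10) from one source address, sometimes followed by a successful logon (4624) from the same address. The detector below is an added example, not code from McAfee or the article; the log lines are constructed, and the simplified `timestamp|event_id|logon_type|user|source_ip` record format is an assumption.

```python
# Added example: flag RDP brute-force bursts in (constructed) Windows Security log records.
# Assumptions: 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP (RemoteInteractive).
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: one address hammers six accounts in six seconds and then
# succeeds; another address fails twice, 15 minutes apart; one failure is a local logon.
SAMPLE_LOG = """\
2021-01-25T21:00:01|4625|10|administrator|203.0.113.7
2021-01-25T21:00:02|4625|10|admin|203.0.113.7
2021-01-25T21:00:03|4625|10|backup|203.0.113.7
2021-01-25T21:00:04|4625|10|scanner|203.0.113.7
2021-01-25T21:00:05|4625|10|user1|203.0.113.7
2021-01-25T21:00:06|4625|10|user2|203.0.113.7
2021-01-25T21:00:30|4624|10|administrator|203.0.113.7
2021-01-25T21:05:00|4625|10|alice|198.51.100.9
2021-01-25T21:20:00|4625|10|alice|198.51.100.9
2021-01-25T21:00:10|4625|2|bob|127.0.0.1
"""

def parse(log_text):
    """Yield (timestamp, event_id, logon_type, user, source_ip) per record."""
    for line in log_text.splitlines():
        if line.strip():
            ts, eid, ltype, user, ip = line.split("|")
            yield datetime.fromisoformat(ts), int(eid), int(ltype), user, ip

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: {"failures", "users", "success_after"}} for every source
    address with >= threshold failed RDP logons inside a sliding time window.
    "success_after" is set when a successful RDP logon follows from the same address."""
    recent = defaultdict(deque)   # source_ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # source_ip -> distinct account names tried
    flagged = {}
    for ts, eid, ltype, user, ip in sorted(parse(log_text)):
        if ltype != 10:           # only RDP logons matter for this pattern
            continue
        if eid == 4625:
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while q and ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                rec = flagged.setdefault(ip, {"success_after": False})
                rec["failures"], rec["users"] = len(q), len(users[ip])
        elif eid == 4624 and ip in flagged:
            flagged[ip]["success_after"] = True
    return flagged
```

Feeding real 4625/4624 exports through `parse` only requires mapping the fields to the same five columns; the distinct-user count separates password spraying from a single-account brute force.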

Affiliates #34 and #19 used more specialized techniques to carry out their attacks. For example, they used Mimikatz batch files to steal credentials and for other illegal activities.

Affiliate #19 appears to be the most capable. Its operators tried to use local exploits to gain administrator access on the compromised computers. Administrator access is very valuable to attackers, as it makes it much easier to affect systems across the network.

Researchers also noticed that affiliate #34 was trying to install cryptomining payloads (MinerGate and XMRig) in addition to Sodinokibi ransomware.

McAfee was also able to identify the e-mail address of one of the attackers.

"Based on our analysis, this person is probably a member of a team stealing credentials and other types of data." This data is used for brute-force attacks.

Using the Everything software to locate documents

Affiliate #34 made use of the file search tool Everything.

Everything helps you easily and quickly find files and folders on your computer by simply using a keyword. In addition, content can be searched within the files.

McAfee investigators were unable to see the exact searches made by the hackers. However, they realized that the hackers had searched the files on the victims' computers.

Researchers believe the attackers installed Everything to search easily for sensitive files.

The hackers thus found the important files, stole them and then demanded money from the victims.

Using the Everything software in ransomware attacks is a very interesting tactic. Businesses need to be alert, as data theft is one of the most common attacks today.

Absent Mia