Kaspersky has discovered a new ransomware family, named Sodinokibi or REvil (Kaspersky refers to it as Sodin), that exploits a Windows privilege-escalation vulnerability to obtain elevated rights on an infected system. The malware also abuses the CPU architecture to avoid detection: Kaspersky's analysis describes it switching from 32-bit to 64-bit code execution inside a 32-bit process (the so-called Heaven's Gate technique), which confuses debuggers and security tools that expect a single architecture. Such functionality is rarely seen in ransomware.
“Ransomware is a very popular kind of malware, yet it is not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors,” said Fedor Sinitsin, a security researcher at Kaspersky.
“We are confident that the number of attacks involving the Sodin ransomware will increase, because the amount of resources required to create such malware is significant. Those who invested in the development of the malware have carefully calculated that it will pay off well,” Sinitsin added.
So far, attacks have been observed in Europe, North America and Latin America, Kaspersky experts said, adding that the ransom note left on infected PCs demands about $2,500 in Bitcoin from each victim.
The vulnerability, CVE-2018-8453, is a local privilege-escalation flaw in the win32k.sys kernel driver that was previously exploited by the FruityArmor threat group, Kaspersky experts noted. Microsoft fixed it on October 10, 2018, so the exploit only helps the ransomware on hosts that have not installed that update.
To protect against the Sodin threat, Kaspersky specialists advise making sure that the software used in your company is regularly updated to the latest versions; in this case, confirming that the October 2018 Windows security update is installed removes the privilege-escalation step the malware relies on.
Security products with vulnerability-assessment and patch-management features can help automate these processes, the experts added.