Sodinokibi Ransomware Information

    • Updated: 21 Jan 2020
    • Product/Version:
        • Apex One 2019
        • Deep Discovery Email Inspector 3.5
        • Deep Security 12.0
        • InterScan Messaging Security Suite 9.1
        • OfficeScan XG
        • Worry-Free Business Security Advanced 10.0
        • Worry-Free Business Security Standard 10.0
    • Platform:
Summary

Sodinokibi ransomware was first spotted in April 2019. It infects machines by (i) exploiting the Oracle WebLogic Server vulnerability CVE-2019-2725, (ii) malicious spam campaigns, and (iii) exposed Remote Desktop Protocol (RDP) endpoints. It can steal computer data such as the operating system version and architecture, the username and the user's security identifier (SID), and stored information such as user names, passwords and hostnames from different browsers.

Behaviors

Gathers the following data:

  • User Name
  • Computer Name
  • Workgroup
  • System Architecture
  • Operating System
  • Processor Information

Capabilities

  • Information Theft
  • Exploits
  • Disabling usage capability

Infection Chain

Detection Coverage

File Reputation

Pattern Branch/Version: 15.349.00 (Release Date: September 7, 2019)

Detection/Policy/Rules:

  • TrojanSpy.Win32.LOKI.TIOIBODR
  • Trojan.PS1.POWALYS.A
  • Ransom.Win32.SODINOKIBI.AUWTL
  • TROJ_FRS.0NA103HK19
  • Ransom.Win32.SODINOKIBI.AUWTL.note

Predictive Machine Learning

Detection: Troj.Win32.TRX.XXPE50FFF031
Pattern Branch/Version: In-the-cloud

Web Reputation

Detection: URL Protection
Pattern Branch/Version: In-the-cloud

Email Protection

Detection: TMASE 25044.002
Pattern Branch/Version: In-the-cloud

Solution Map - What should customers do?

Columns in the original table: Trend Micro Solution, Major Product, Latest Version, Virus Pattern, Anti-Spam Pattern, Network Pattern, Predictive Machine Learning, Web Reputation. Products listed under the same solution share the recommended actions shown for that group.

Endpoint Security
  Major Product / Latest Version:
    • Apex One 2019
    • OfficeScan XG (12.0)
    • Worry-Free Business Security Standard (10.0)
    • Worry-Free Business Security Advanced (10.0)
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Network Pattern: Update pattern via web console
  Predictive Machine Learning: Enable Predictive Machine Learning
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Hybrid Cloud Security
  Major Product / Latest Version:
    • Deep Security 12.0
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Network Pattern: Update pattern via web console
  Predictive Machine Learning: Enable Predictive Machine Learning
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Email and Gateway Security
  Major Product / Latest Version:
    • Deep Discovery Email Inspector 3.5
    • InterScan Messaging Security 9.1
    • InterScan Web Security 6.5
    • ScanMail for Microsoft Exchange 14.0
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Update pattern via web console
  Network Pattern: Update pattern via web console
  Predictive Machine Learning: Not Applicable
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Network Security
  Major Product / Latest Version:
    • Deep Discovery Inspector 5.5
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Network Pattern: Update pattern via web console
  Predictive Machine Learning: Not Applicable
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Category: Remove a Malware / Virus
Solution Id: 000238277