Last week we discussed how Sodinokibi rapidly filled the vacuum left by GandCrab, by distributing spam, server exploits, hacking sites to replace lawful software with rankings and hacking into MSP backends. These are comparable strategies used in the past by GandCrab and you can see how Sodinokibi has grown based on its ID-Ransomware submissions. Last night, exploit kit investigator nao sec found that Sodinokibi, also known as REvil, is spread now through malvertising that leads to the exploit kit of RIG.
Nao sec informed BleepingComputer that this was accomplished through PopCash ad network advertisements that redirected users based on certain circumstances to the exploit kit. Through this Any.run session, shown below, Nao sec was able to show how the exploit kit infected a Windows computer. This ransomware is set to be a large player in the ransomware room by adding exploit kits to the distribution arsenal.
Sodinokibi Ransomware installed via Malvertising from BleepingComputer.com on Vimeo. As exploit kits depend on outdated software, the best defense is to ensure that you have installed all the recent safety updates for Windows, as well as updates for Flash, Java, PDF readers and browsers. Outdated and susceptible software can only open you up to the risk of infection. Image credit: BleepingComputer