Details on Threat Group That Claims to Have Obtained President Trump’s Legal Documents

REvil/Sodinokibi Ransomware

OVERVIEW

The REvil/Sodinokibi threat group has taken ransomware attacks to a new level. While most variants, like the recent strain of DoppelPaymer ransomware, encrypt victims' files, Proficio's Threat Intelligence Team has seen an uptick in strains that also steal data to further pressure victims into paying ransoms. This group, infamously known as the one claiming to have obtained President Donald Trump's legal documents, more recently attacked the law firm Grubman Shire Meiselas & Sacks (GSMLaw), which resulted in the exfiltration of multiple celebrities' legal documents. In this blog, we will be sharing additional details we discovered based on our research on the REvil/Sodinokibi ransomware.

RANSOMWARE DETAILS

REvil/Sodinokibi ransomware was discovered back in April 2019, when it was initially found to propagate via exploitation of a vulnerability in Oracle WebLogic. REvil/Sodinokibi is a ransomware-as-a-service (RaaS) and was suspected to be associated with GandCrab, a RaaS that had shut down operations in May 2019. REvil/Sodinokibi was found to share similar code with GandCrab ransomware, such as the random URL generation. Within the past year, REvil/Sodinokibi threat actors have been observed to utilize multiple techniques to spread ransomware to targets. Based on our research, some of the distribution methods used are: Oracle […]