Sodinokibi, also known as REvil, is a ransomware that works by encrypting user files on infected computers. Hackers demand money for the release of the victim’s data. Failure to pay the ransom causes the files to be destroyed or permanently locked away. The average ransomware payout is 0.5 bitcoins or roughly $4000.
How Does the Sodinokibi Ransomware Work?
Sodinokibi is a ransomware-as-a-service (RaaS) offering and is similar to another notorious ransomware called GandCrab. It even shares the same source code as GandCrab, although its creators are quick to dismiss any suggestion that Sodinokibi is a successor of GandCrab.
The ransomware targets Windows systems and is known for exploiting vulnerabilities in computers that have not been recently updated. It also exploits vulnerabilities in non-Windows software such as Oracle WebLogic. It can also be distributed as part of phishing campaigns.
In 2019, Sodinokibi was part of an extensive hacking campaign that crippled many computers in places such as Texas. It also infected a data backup service used by dental practices across the US, as well as the computers of a New York Airport. In all of these cases, the attackers behind the malware demanded hefty compensation before allowing the victims access to their data.
How Does Ransomware-as-a-Service (RaaS) Work?
Ransomware-as-a-service is a new way of spreading malware in which the malware is distributed to affiliates. The affiliates then choose specific targets based on their technical skills or end goals. Some Sodinokibi affiliates, for instance, specifically target IT service providers and managed security providers because of the many computers that these two groups manage. When an affiliate successfully infects a computer, they share any profits with the malware creator. According to some reports, there are as many as 41 active Sodinokibi affiliates.
Can Sodinokibi Be Removed?
It is very hard to remove Sodinokibi from an infected computer, and almost all attempts have failed. The hackers behind the ransomware are also very vicious in their campaigns to punish anyone who dares to try and remove Sodinokibi from their infected computer. They even publish users' data online to warn others against any attempt at removing the malware.
If your computer is infected by the ransomware, you can use a free decryptor from the No More Ransom Project to try and access your files. Unfortunately, so far, there is no known decryptor that works against Sodinokibi.
So, what can you do if your computer is infected by Sodinokibi? Paying the ransom should be the last thing on your mind, because it only emboldens the hackers to act more aggressively. What you can do instead is take preventive measures that make it hard for an infection to happen in the first place. Alternatively, you can wipe your computer clean and start over.
Let us look at some of the drastic methods of dealing with the malware first. Be advised that none of these methods will help you recover your files. They will just remove the infection from your PC.
Reset Your Computer
Resetting your computer will remove all malware and return the Windows version that you are running to default. Here is how to reset a Windows 10/11 computer:
- Open Start > Settings > Update & Security > Recovery. Under Reset this PC, select Get started > Open Recovery settings.
You can also reset your computer through the following other method:
- Select Start, then hold the Shift key while clicking the Power icon and pressing Restart to start your computer in Recovery Mode. After the computer restarts, select Troubleshoot > Reset this PC.
If you choose to reset your computer, you will get a prompt that will ask whether you would want to keep your files. If they are infected by the Sodinokibi malware, there is no need to keep them.
Format Your Hard Drives
Before taking the even more drastic step of reinstalling Windows (below), you should first consider wiping your hard disks clean, so that you eliminate all the hiding places of the Sodinokibi malware. Here is how to wipe your hard drives clean by formatting them:
- In the Windows search box, type 'disk management'.
- On the Disk Management app, select the hard drive that you want to format. Choose Format.
- Create a name for the new partitions if you are going to create new ones, and choose the file system.
- Follow the on-screen directions to finish the formatting.
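The same wipe-and-format procedure can be scripted with the Windows Storage cmdlets. This is an added example, not part of the original article; it assumes you pass the disk number you confirmed in Disk Management, and it refuses to touch the disk that Windows booted from, which a reset or reinstall handles instead.

```powershell
# Added example (not from the original article): wipe and reformat a data disk
# with PowerShell's Storage cmdlets, the scripted equivalent of the Disk
# Management steps above. Run from an elevated PowerShell prompt.
# Assumes the disk number, label and file system given as parameters.
param(
    [Parameter(Mandatory = $true)][int]$DiskNumber,
    [string]$Label = "Data",
    [ValidateSet("NTFS", "exFAT")][string]$FileSystem = "NTFS"
)

# List every disk first so the number can be checked against size and model.
Get-Disk | Select-Object Number, FriendlyName, Size, IsBoot, IsSystem, PartitionStyle |
    Format-Table -AutoSize

$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

# Safety check: never wipe the boot or system disk from a running Windows;
# use Reset this PC or a fresh install for that one.
if ($disk.IsBoot -or $disk.IsSystem) {
    throw "Disk $DiskNumber holds the running Windows installation; refusing to wipe it."
}

# Clear-Disk with -RemoveData deletes every partition and all data on the disk,
# which removes any place the malware could have been hiding on it.
Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false

# Re-initialise with a GPT partition table, create one partition spanning the
# whole disk, and format it with the chosen file system and label.
Initialize-Disk -Number $DiskNumber -PartitionStyle GPT
$part = New-Partition -DiskNumber $DiskNumber -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter $part.DriveLetter -FileSystem $FileSystem `
    -NewFileSystemLabel $Label -Confirm:$false | Out-Null

Write-Host "Disk $DiskNumber wiped and formatted as $($part.DriveLetter): ($FileSystem, label '$Label')."
```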
Install a Fresh Version of Windows
The other option to reset your computer is to install a fresh version of the Windows operating system. This will delete all the files on your PC and just like a reset, it will return your computer to its default state.
How to Prevent Sodinokibi from Infecting your Computer
When it comes to malware such as Sodinokibi, prevention is better than cure, and you can take several steps to keep yourself safe. Here are a few of them:
Install an Anti-Malware
You probably have an anti-malware product installed on your computer, so you just have to make sure that it is not a free one. Premium anti-malware solutions such as Outbyte Anti-Malware are your best bet not just against the likes of Sodinokibi, but also against other threats facing your PC.
Update Your Computer
Malware exploits software vulnerabilities that have not been patched. That's why you need to keep your computer constantly updated.
Beware of Attachments and Infected Sites
If you are not sure about the security credentials of a site, it is best not to visit it. Also, try not to click on attachments from sources that you are not familiar with as that is how malware spreads.
Back Up Your Data
Malware, especially ransomware, will only have a devastating effect on you if you have something to lose. So, if you keep your data safe on an external hard drive or on Google Drive, it will lessen the impact of any attack.
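One way to keep such a backup on an external drive, as an added example that is not part of the original article: copy the folder into a new dated snapshot on every run instead of mirroring it, so that a run made after ransomware has already encrypted the source cannot overwrite the last good copy. The source folder and the drive letter below are assumptions.

```powershell
# Added example (not from the original article): dated snapshot backup to an
# external drive with robocopy. Each run lands in its own folder; a mirror
# backup (/MIR) would instead replace good copies with encrypted ones once
# ransomware has touched the source. Assumes the paths given as parameters.
param(
    [string]$Source = "$env:USERPROFILE\Documents",
    [string]$BackupRoot = "E:\Backups"   # external drive, unplugged after the run
)

if (-not (Test-Path $BackupRoot)) {
    throw "Backup drive at $BackupRoot is not connected."
}

$stamp = Get-Date -Format "yyyy-MM-dd_HHmm"
$dest  = Join-Path $BackupRoot $stamp

# /E copies subfolders including empty ones; /R:1 /W:1 stop a locked file from
# stalling the run; /NP /NFL /NDL reduce the log to its summary.
robocopy $Source $dest /E /R:1 /W:1 /NP /NFL /NDL /LOG:"$dest.log" | Out-Null

# robocopy exit codes below 8 mean success (possibly with extra or skipped
# files); 8 and above mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) {
    throw "Backup to $dest reported failures (robocopy exit code $LASTEXITCODE); see $dest.log"
}

# Sanity check: compare file counts so an empty or partial snapshot is noticed.
$srcCount = (Get-ChildItem -Path $Source -Recurse -File).Count
$dstCount = (Get-ChildItem -Path $dest   -Recurse -File).Count
Write-Host "Backed up $dstCount of $srcCount files to $dest. Disconnect the drive now."
```

Disconnect the external drive once the run finishes; a drive that stays plugged in is just another volume for the ransomware to encrypt.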