Sodinokibi Ransomware Spreads in Recent Attacks

The Sodinokibi ransomware variant, which has increased in activity since the shutdown of GandCrab, was used in multiple attacks, including the hacking of legitimate sites and managed service providers (MSPs) and spam campaigns. The threat actors behind the ransomware hacked MSPs via Remote Desktop Services and their management console in order to push the ransomware to end-user devices. Webroot forced customer account logouts and enabled mandatory multi-factor authentication as a result of the attack. The NJCCIC recommends that users and administrators follow cybersecurity best practices, employ a defense-in-depth cybersecurity strategy, use an endpoint detection and response solution, and have a comprehensive data backup plan. The Bleeping Computer article provides additional details.