Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges
A new ransomware strain referred to as Sodinokibi or Sodin distinguishes itself from other strains by its exploitation of CVE-2018-8453, a privilege escalation vulnerability affecting Microsoft Windows 7, 8, 10 and various Windows Server editions. Microsoft released a patch in October of 2018, but many systems remain vulnerable.
Kaspersky research shows that the ransomware is mostly used to target systems in parts of East Asia, with the most targeted countries being Taiwan (17.56%), Hong Kong (9.76%), South Korea (8.78%) and Japan (8.05%). Other targeted countries include Germany (8.05%), Italy (5.12%), Spain (4.88%), Vietnam (2.93%), the US (2.44%), and Malaysia (2.20%).