Sodinokibi

URI: https://gptkb.org/entity/Sodinokibi
GPTKB entity
Statements (51)
Predicate Object
gptkbp:instanceOf malware
gptkbp:acceptsPaymentMethod gptkb:Bitcoin
gptkb:Monero
gptkbp:affects businesses
healthcare organizations
government organizations
individual users
gptkbp:alsoKnownAs gptkb:REvil
gptkbp:associatedWith gptkb:Ransomware-as-a-Service
gptkbp:countryOfOrigin unknown
gptkbp:developedBy unknown cybercriminal group
gptkbp:encryptsFiles true
gptkbp:exploits gptkb:CVE-2019-19781
gptkb:CVE-2019-2725
gptkb:CVE-2019-11510
CVE-2018-8453
CVE-2019-7481
gptkbp:firstAppearance April 2019
gptkbp:hasWebsiteOn gptkb:dark_web
https://www.w3.org/2000/01/rdf-schema#label Sodinokibi
gptkbp:language gptkb:Russian
English
gptkbp:leaksData true
gptkbp:notableBattle JBS Foods cyberattack
Travelex cyberattack
gptkbp:notableVictim gptkb:Xerox
gptkb:Quest_Diagnostics
gptkb:Brown-Forman
gptkb:JBS_Foods
gptkb:Travelex
gptkb:Grubman_Shire_Meiselas_&_Sacks
GSMLaw
Kennon Parker
gptkbp:platform gptkb:Microsoft_Windows
gptkbp:prohibits gptkb:CIS_countries
gptkbp:ransomDemanded gptkb:cryptocurrency
gptkbp:ransomNoteFileName [random]-readme.txt
gptkbp:ransomwareFamily gptkb:REvil
gptkb:Sodinokibi
gptkbp:shutDownDate July 2021
gptkbp:spreadTo malicious websites
phishing emails
exploit kits
gptkbp:usesAffiliateModel true
gptkbp:usesDataLeakSite true
gptkbp:usesDoubleExtortion true
gptkbp:usesEncryptionAlgorithm gptkb:RSA
gptkb:Salsa20
gptkbp:usesTor true
gptkbp:bfsParent gptkb:REvil
gptkbp:bfsLayer 5