|
gptkbp:instanceOf
|
malware
|
|
gptkbp:acceptsPaymentMethod
|
gptkb:Bitcoin
gptkb:Monero
|
|
gptkbp:affects
|
files and data
|
|
gptkbp:affiliatedWith
|
cybercriminals
|
|
gptkbp:alsoKnownAs
|
gptkb:REvil
|
|
gptkbp:developedBy
|
gptkb:REvil_group
|
|
gptkbp:distributedBy
|
phishing emails
software vulnerabilities
exploit kits
remote desktop protocol brute force
|
|
gptkbp:doubleExtortion
|
data exfiltration and encryption
|
|
gptkbp:enemyOf
|
ransomware-as-a-service
|
|
gptkbp:firstAppearance
|
April 2019
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Sodinokibi ransomware
|
|
gptkbp:language
|
gptkb:Russian
|
|
gptkbp:lawEnforcementResponse
|
international law enforcement takedown
|
|
gptkbp:notableBattle
|
gptkb:JBS_Foods_attack
gptkb:Kaseya_VSA_supply_chain_attack
gptkb:Travelex_attack
|
|
gptkbp:notableFeature
|
modular design
command and control communication
network propagation
obfuscation
anti-analysis techniques
automatic deletion of backups
custom ransom notes
leak site for publishing stolen data
|
|
gptkbp:notableVictim
|
gptkb:JBS_Foods
gptkb:Travelex
Kaseya customers
|
|
gptkbp:operatingSystem
|
gptkb:Microsoft_Windows
|
|
gptkbp:prohibits
|
gptkb:CIS_countries
|
|
gptkbp:ransomDemanded
|
gptkb:cryptocurrency
|
|
gptkbp:ransomDemandRange
|
thousands to millions of USD
|
|
gptkbp:ransomNoteExtension
|
gptkb:.REvil
.Sodin
.[random]
|
|
gptkbp:ransomNoteFile
|
[random]-HOW-TO-DECRYPT.txt
[random]-readme.txt
|
|
gptkbp:relatedTo
|
gptkb:GandCrab_ransomware
|
|
gptkbp:repository
|
not publicly available
|
|
gptkbp:shutDown
|
July 2021
|
|
gptkbp:supportsAlgorithm
|
gptkb:RSA
gptkb:AES
|
|
gptkbp:target
|
businesses
healthcare organizations
government organizations
managed service providers
|
|
gptkbp:uses
|
double extortion
|
|
gptkbp:bfsParent
|
gptkb:SystemBC
|
|
gptkbp:bfsLayer
|
6
|