Windows

Sodin: this is how the latest ransomware that has threatened Windows computers works

Anonim

We are once again talking about security problems in Windows 10, this time because of a security flaw discovered by Kaspersky researchers. The threat the company has brought to light is called Sodin, and it exploits a zero-day vulnerability identified as CVE-2018-8453.

Sodin is a new encryption ransomware that exploits a zero-day vulnerability in Windows to gain elevated privileges and thereby take control of the infected computer.

Sodin is ransomware that takes advantage of the architecture of the central processing unit (CPU): it enables 64-bit encryption on the 32-bit processor and thus manages to avoid detection by alert systems. This is the so-called Heaven's Gate technique, and it is one of the key points of this new ransomware.

Sodin appears to be part of a RaaS (ransomware-as-a-service) scheme that is spreading rapidly because its installation requires no intervention by the user. The threat is being distributed through an affiliate program and is being hosted on external servers.

The attacker manages to install the ransomware on servers that then distribute the infected software to the computers that download it, and the user does not notice the threat at any point. They have added hidden functionality that allows them to decrypt files without the downloaders knowing. It is a kind of master key that does not require a dealer key for decryption.

Fyodor Sinitsin, an expert at Kaspersky Lab, says that an increase in the number of Sodin attacks is to be expected, because the threat has been masterfully developed to evade detection and blocking systems. To protect against it, he urges users to keep the software on their computers up to date, including the software intended to protect against threats. It is also advisable to keep backup copies on external media that are disconnected from the PC. The vulnerability CVE-2018-8453, however, was patched in late 2019.

More information | Kaspersky
