Hsinchu, Taiwan – May 18, 2021 – The Sodin ransomware (also known as Sodinokibi) was first found in 2019, yet several large companies have recently been infected by it one after another. For example, according to Kaspersky’s comments on REvil, the cybercriminal group “REvil” exploited the WebLogic vulnerability at Apple/Quanta to inject the “Sodin” ransomware and steal the designs of new Apple products. This was a targeted ransomware case. The Asteelflash Group, a subsidiary of ASE Group, the largest IC packaging company in the world, was also attacked by this ransomware. The accumulated damage is already considerable. It is also somewhat unusual that most of the victims are in Taiwan, Hong Kong, and South Korea.
The Oracle WebLogic Server remote code execution (RCE) vulnerability is tracked as CVE-2019-2725. Lionic has studied this CVE and designed corresponding virus signatures in both its local and cloud signature databases. Any product that licenses Lionic’s Anti-Virus technology can protect against the Sodin ransomware.
- Examples (partial list) of Anti-Virus local signatures that block the Sodin ransomware

| VID | Virus Signature Name | Signature version |
|---|---|---|
| 7018203 | Trojan.Win32.Sodin.trKP | 3.0.1221 |
| 7018315 | Trojan.Win32.Sodin.trMD | 3.0.1221 |
| 7017315 | Trojan.Win32.Sodin.trwv | 3.0.1194 |
| 7011084 | Trojan.Win32.Sodin.tpU0 | 3.0.1037 |
| 7011081 | Trojan.Win32.Sodin.tpTX | 3.0.1037 |
- Examples (partial list) of Anti-Virus cloud signatures that block the Sodin ransomware

| VID | Virus Signature Name |
|---|---|
| 9107069508059163 | Trojan.Win32.Cryptor.j |
| 9122332502573897 | Trojan.Win32.Cryptor.j |
| 9155861080527257 | Trojan.Win32.Cryptor.j |
| 9105891124926807 | Trojan.Win32.Encoder.j |
| 9193183307486224 | Trojan.Win32.Encoder.j |
The Pico-UTM 100, the security network bridge made by Lionic, naturally carries these anti-virus signatures. Sodin is not the only ransomware, either: many other ransomware families target enterprises. So far Lionic has collected more than 30 million ransomware samples, and our cloud-based anti-virus database covers them all. If large companies deploy Pico-UTM 100 units in volume across their LANs in advance, we believe the impact of such attacks will be minimized, or even eliminated.
References:
- “Kaspersky comments on Apple Quanta REvil ransomware attack”, https://infinitecybersecurity.com/cybersecurity-news/kaspersky-comments-on-apple-quanta-revil-ransomware-attack/
- https://www.ithome.com.tw/news/143692
- “Sodinokibi ransomware exploits WebLogic Server vulnerability”, https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
About Lionic Corporation
Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. Lionic’s technologies include a complete DPI-based software engine and related management software, which offer Security Solutions that address anti-virus, anti-intrusion, and anti-webthreat, and Content Management Solutions that address application identification, device identification, application-based QoS, web content filtering, and parental control.
Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are already widely deployed around the world. They help service providers, network appliance manufacturers, semiconductor companies, and others to enable the next generation of business routers, residential gateways, SD-WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Products powered by Lionic provide better network management and protect the world’s networks from an ever-increasing level of security threats.