Sodinokibi Ransomware attack on GEDIA

German automobile spare parts maker GEDIA is in the news for the wrong reasons. A hacking group related to Sodinokibi is threatening to publish data which it procured after encrypting the database of GEDIA with the file-encrypting malware.

 


News is out that the hacking group related to Sodinokibi wants to prove its stand and so is threatening the automotive company with the publication of a portion of the data that has been encrypted for ransom.

 

 

Going into the details, the Sodinokibi group announced yesterday that it holds a Microsoft Excel sheet containing over 50GB of data from the company's Active Directory, and that the data was stolen before its team encrypted the entire database.

 

Security experts believe that the infiltration and the introduction of the malware took place with the open-source ADRecon tool.

 

Note 1- GEDIA, which has business operations in the United States, Hungary, India, Mexico, Spain and Poland along with Germany, is yet to confirm details of the ransomware attack. But Sodinokibi reported on a Russian hacking forum that it now holds data related to drawings, employees and customers, which will be published on the internet if GEDIA fails to pay the demanded sum in cryptocurrency.

 

Note 2- Sodinokibi has used similar tactics before: it infiltrated the database of Artech Information Systems and published the company's data when the diversity supplier failed to bow to the hackers' demands.

 

Note 3- The No More Ransom project, which is backed by law enforcement agencies and IT and cybersecurity firms like Barracuda, Kaspersky, Europol, and McAfee, promises to offer a free decryption tool for such malware in the near future.

 

Note 4- Companies need to know that the only preventive measure against this malware is to create awareness among staff not to click on phishing emails, and to keep the OS and security software updated with the latest patches.