A Recent Spread of Ransomware Throughout Texas

Millions of people have become acquainted with ransomware the past couple of years. This is due to the increase in attacks that companies/governments have found themselves the targets of.

Do I need to remind you of the WannaCry— the ransomware that spread fear and panic across the globe— attacks that happened only two years ago?

Unfortunately for Texas, the state has become the new target of malware Sodinokibi. Sodinokibi is a ransomware that spent some time in the spotlight earlier this year for its attacks on an Oracle system.

Explaining Sodinokibi

I don’t know what it is about names of malware, but they’re either super simple and kind of teasing, like WannaCry, or completely out of the left-field, like Sodinokibi.

But, as it turns out, Sodinokibi was manufactured by the same group that created the GandCrab ransomware, which turned out to be a severe threat until it’s retirement.

With GandCrab retired, Sodinokibi aims to replace it. It seems set to cause the same, if not more, amount of damage to businesses and governments than GandCrab.

The main infection method of Sodinokibi is phishing; a link is sent by email that presents a file with a JavaScript file in it. Once the user lets the Java file run, it’s over; the system is infected.

After this, Sodinokibi acts like any other ransomware. Locking the system, encrypting data and asking for reimbursement in exchange for unlocking the system.

Since the ransomware typically presents itself as a phishing link, a lot of people won’t suffer at the hands of Sodinokibi. We hope most people aren’t clicking random links in emails. However, there are people that do.

And with Sodinokibi files rarely being detected by antivirus programs, the chance of the link being trusted increase tenfold.

All in all, Sodinokibi is a dangerous ransomware. It threatens to be as damaging as GandCrab if businesses and governments don’t protect themselves.

Don’t believe me? Ask Texas.

Ransomware Gone Rampant

Just the other week, 23 cities in Texas. were hit by Sodinokibi in what seems to be a coordinated attack. However, it wasn’t just cities that were attacked; government agencies were infected as well, encrypting data and locking officials out of their systems.

According to a few sources, the attack was carried out by one perpetrator, not a group as once thought. As for recovery, the systems infected were identified and are currently being cleansed of whatever filth Sodinokibi put on them.

The act of attacking U.S. cities is becoming an alarmingly common tactic, with states like Louisiana and Maryland suffering attacks too. Some of these were so bad that a state of emergency was declared in Louisiana.

Now that I remember, this trend isn’t limited to the United States either. South African city Johannesburg suffered from a major ransomware attack that affected the city’s power supply.

If anything, ransomware is not only becoming a more common form of attack but a more dangerous form of attack as well.

What’s worse is that ransomware can’t be stopped by using simple security setups like VPNs or antivirus programs, though these can help. However, since most ransomware is spread through phishing attempts, it’s up to the targeted user to ignore the attempt.

This tends to work out as well as you think. And since it only takes one person’s ignorance to spread ransomware, it is extremely easy to spread.

With many governments and systems being vulnerable to ransomware and various other forms of malware, it’s not shocking to see an increase of successful attacks.

Once companies, governments, and people, in general, learn the true risks of their information being stolen, maybe then we can start seeing a decrease in cyber-attacks. Until then, news of ransomware infections and data breaches are going to become more and more common.