Hsinchu, Taiwan – May 18, 2021 – The ransomware Sodin was first found in 2019. Recently, however, several big companies have been infected with Sodin one after another. For example, according to Kaspersky’s comments about REvil, the cybercriminal group “REvil” found the WebLogic vulnerability of Apple/Quanta, injected the “Sodin” ransomware through it, and stole the designs of new Apple products. This is a targeted ransomware case. The Asteelflash Group, a subsidiary of ASE Group, the largest IC packaging company in the world, was also attacked by this ransomware. The accumulated damage has reached a large figure. It is also a little odd that most victims are in Taiwan, Hong Kong, and South Korea.

(Source: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html)

The Oracle WebLogic Server RCE vulnerability is assigned CVE-2019-2725. Lionic has already studied this CVE and designed virus signatures for both its local and cloud signature databases. Any product that licenses Lionic’s Anti-Virus technology can protect against the Sodin ransomware.

  • Partial Anti-Virus local signature examples for blocking Sodin ransomware

    VID       Virus Signature Name       Signature version
    7018203   Trojan.Win32.Sodin.trKP    3.0.1221
    7018315   Trojan.Win32.Sodin.trMD    3.0.1221
    7017315   Trojan.Win32.Sodin.trwv    3.0.1194
    7011084   Trojan.Win32.Sodin.tpU0    3.0.1037
    7011081   Trojan.Win32.Sodin.tpTX    3.0.1037

  • Partial Anti-Virus cloud signature examples for blocking Sodin ransomware

    VID                 Virus Signature Name
    9107069508059163    Trojan.Win32.Cryptor.j
    9122332502573897    Trojan.Win32.Cryptor.j
    9155861080527257    Trojan.Win32.Cryptor.j
    9105891124926807    Trojan.Win32.Encoder.j
    9193183307486224    Trojan.Win32.Encoder.j

The Pico-UTM 100, the security network bridge made by Lionic, of course carries these anti-virus signatures. And Sodin is not the only ransomware: many other ransomware families target enterprises. So far Lionic has collected more than 30 million ransomware instances, and at least our cloud-based anti-virus database has them all. If those big companies deploy Pico-UTM 100 units in large volume on their LANs in advance, we think their impact will be minimized, or even eliminated.

References:

  1. “Kaspersky comments on Apple Quanta REvil ransomware attack”, https://infinitecybersecurity.com/cybersecurity-news/kaspersky-comments-on-apple-quanta-revil-ransomware-attack/
  2. https://www.ithome.com.tw/news/143692
  3. “Sodinokibi ransomware exploits WebLogic Server vulnerability”, https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html


About Lionic Corporation

Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. Lionic’s technologies include a complete DPI-based software engine and related management software, which offer Security Solutions that address anti-virus, anti-intrusion and anti-webthreat, and Content Management Solutions that address application identification, device identification, application-based QoS, web content filtering and parental control.

Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are already widely deployed around the world. They help service providers, network appliance manufacturers, semiconductor companies and others to enable the next generation of business routers, residential gateways, SD-WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Products powered by Lionic provide better network management and protect the world’s networks from an ever-increasing level of security threats.