Specialists in ethical hacking from the cybersecurity firm Kaspersky reported the discovery of a new ransomware variant much more dangerous than encryption malware conventionally used by threat actors.
This new malware, known as Sodin, exploits a zero-day flaw in the Windows operating system tracked as CVE-2018-8453. Because of this, the targeted user does not even have to be exposed to a phishing campaign for hackers to gain access to the compromised system (phishing is the main attack vector used to infect a system with ransomware).
As ethical hacking specialists report, threat actors only need to find a vulnerable server and execute a command that downloads the malicious file called “radm.exe”. This file stores the ransomware locally and then runs it.
Researchers at the cybersecurity firm added that the Sodin ransomware also employs a technique known as “Heaven’s Gate”, which allows hackers to execute 64-bit code from a 32-bit process. “This is an unconventional behavior in ransomware attacks, making it difficult to detect and analyze the malware,” the experts said.
Hackers reportedly demand a ransom of up to $2,500 USD in cryptocurrency from all victims of the malware. So far, most Sodin infections have been detected on the Asian continent, mainly in Taiwan, South Korea and Hong Kong. However, ethical hacking specialists from the International Cyber Security Institute (IICS) do not rule out the possibility that some cases of infection will begin to emerge in North and Latin America.
Ransomware is one of the most commonly used cyberattack variants nowadays; however, it is rare to find such complex encryption malware, capable of exploiting the CPU architecture itself to infect a device. Due to the large number of potentially vulnerable systems, reports of Sodin infections are expected to grow exponentially in the coming months. “It is obvious that the developers of this malware invested huge resources in their creation, so they will try to recover their assets as soon as possible”, the experts concluded.