Sodin Ransomware Exploiting Windows Zero-day, Kaspersky Warns
Stealthy ransomware is using a new exploit and can be triggered remotely
Stealthy ransomware that first appeared in 2019 is using a new exploit and can be triggered remotely, according to security researchers, who base the finding on attacks in Asia, Europe, and North and Latin America.
The Sodin ransomware, also known as Sodinokibi and REvil, was initially distributed by exploiting a vulnerability in Oracle WebLogic, but is now exploiting a recently discovered zero-day Windows vulnerability (CVE-2018-8453), according to researchers at security firm Kaspersky.
This exploit enables Sodin to gain elevated privileges on an infected system and takes advantage of the architecture of the central processing unit (CPU) to avoid detection.
Please select this link to read the complete article from ComputerWeekly.