A ransomware strain named Sodinokibi (also Sodin or REvil) is exploiting a Windows vulnerability that was patched last year.
Microsoft issued a patch for the vulnerability, a privilege escalation flaw known as CVE-2018-8453, back in October 2018.
Unusually, the former zero-day has been spotted alongside ransomware, rather than other forms of malware. Security researchers have suggested that Sodinokibi is being distributed via a ransomware-as-a-service (RaaS) scheme, rather than being directly distributed by its creator.
Oracle addressed this vulnerability in their Security Alert Advisory – CVE-2019-2725. Users and administrators are encouraged to apply this update immediately.
Indicators of Compromise (IoC)
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.