0      0

(ISC)2 Security Congress 2022

2101741 - No More Sodinokibi - A Hybrid Software Application for Detecting the REvil/Sodinokibi Ransomware

Oct 10, 2022 2:30pm ‐ Oct 10, 2022 3:30pm


Criminals behind the REvil (Ransomware Evil) group were arrested on January 2022 after causing millions of dollars of damages to different kinds and sizes of companies. This talk covers the results of the presenter's masters research. The outcome of such research is a Python application that successfully detects evidence of the presence of the REvil/Sodinokibi ransomware, both on traditional/on-premises as well as cloud systems. REvil infection case studies, previous malware research and particularities of Sodinokibi had to be taken into consideration while creating the detection application and are covered in this talk. Possible remediation actions leveraging the automation power of the cloud are also proposed.

Learning Objectives:
  • Comprehend details about the REvil/Sodinokibi ransomware, such as infection methods, damage level and spread paths.
  • Know about infection use cases around the world and the financial and reputation damage caused to companies.
  • Learn a detection tool based on Python that successfully points to the presence of the malware on a system in very short time, giving opportunities to activate remediation steps.


You must be logged in and own this session in order to post comments.