Sodinokibi Ransomware Hash List

Fortify Security Team
Mar 4, 2021

Threat actors using the Sodinokibi ransomware made “at least” $123 million in 2020, stealing roughly 21.6 terabytes of data. Sodinokibi was the most-used ransomware observed by the researchers, accounting for 22% of all incidents in 2020.

