Sodinokibi Ransomware Removal and Recovery

Sodinokibi is ransomware that encrypts all the files on local drives except for those listed in its configuration file. We see Ransom.Sodinokibi being dropped by variants of Trojan.MalPack.GS that previously used to drop Ransom.

What is Sodinokibi Ransomware?

Sodinokibi is a family of ransomware that targets Windows systems. It exploits an Oracle WebLogic vulnerability to take over a machine. Like most ransomware, Sodinokibi encrypts important files and demands a ransom to decrypt them. Time is key in many Sodinokibi attacks: the ransom for the decryption keys typically doubles every few days. It usually starts around $2500 and goes up the longer the victim takes to pay.