Sodin, Sodinokibi, REvil or BlueBackground Ransomware encrypts user data with AES and then demands a ransom of 0.475–0.950 BTC to return the files. It exploits CVE-2018-8453, a zero-day that was previously abused by an APT and was patched in the Oct 18 Patch Tuesday.
Update: A newer version is available for REvil Ransomware.
Update: REvil Linux variant detected in the wild.
Sodinokibi Ransomware Signatures
Family: Trojan:Win32/Casdet!rfn
MD5: 1ce1ca85bff4517a1ef7e8f9a7c22b16
SHA256: 06b323e0b626dc4f051596a39f52c46b35f88ea6f85a56de0fd76ec73c7f3851