RANSOMWARE ATTACKS ON WINDOWS SERVERS: INFECTION AND RECOVERY
Abstract
Cyberattacks are a part of our reality, and lately more and more organizations are thinking about what could happen if they were attacked by a cryptovirus. At the same time, ransomware attacks are constantly evolving, and cybercriminals are looking for ways to expand the scope of their attacks and increase their profit. The ransomware-as-a-service (RaaS) model has become popular because it allows cybercriminals to attack more victims with less effort. Sodinokibi is a perfect example of RaaS and it is the 4th most widespread ransomware in the world, targeting mostly American and European companies. This is the reason why Windows Server environments are among the victims of this type of attack. This paper summarizes trends that characterize the ransomware landscape in 2022. It describes the infection of a virtual machine running Windows Server 2019 with Sodinokibi. The virtual machine has an installed .NET Framework web application that uses a Microsoft SQL Server database. The application's database and executable files are synchronized with an external cloud server. An approach for successfully recovering the application's executable files and database after infection is proposed.