About Sodin Ransomware
Sodin Ransomware uses Cve-2018-8453 Vulnerability to penetrate your security
When the ransomware is done encrypting your files, it leaves a mc9530-readme.txt file with instructions in every folder:
Everyone knows that the Internet is a place where one can run into all kinds of hazardous virus programs. In today’s article, we will talk about one really problematic and difficult to handle form of virus which researchers tend to call Ransomware. This sort of viruses is very hard to handle since they differ greatly from all other versions of malware. In order to illustrate how they operate, we will take as an example one of their latest representatives which goes under the name of Sodin Ransomware. What the Sodin Virus does once it gets inside the computer is it renders inaccessible the victim’s data by using a highly-advanced encryption code. Immediately after the encryption takes place, the user is blackmailed into paying a ransom if they wish to obtain the key that is supposed to enable them to re-access the encryption-locked files. Details on how exactly to execute the ransom payment are generally given within a pop-up message which gets generated by the Ransomware as soon as the file encryption procedure has ended.
For those of you who have already stumbled upon this nasty malware piece, we’ve created a special removal guide which explains how to deal with the infection and how to remove it.
Risks of Sodin Ransomware
At the beginning of this article we said that Ransomware is not an ordinary type of malware and operates quite differently than most other kinds of computer threats. This is mainly because the Ransomware uses the method of file-encryption, which is generally non-harmful and commonly used data-protection method, to cause great harm to the users. What makes this malware type especially popular with cyber-terrorists is also the fact that most security programs usually don’t recognize the file-encryption processes as something malicious and, therefore, don’t take actions against it. In addition, virtually no warning signs are caused by this type of process and it is really tricky to detect and intercept it.
Removing Sodin Ransomware manually
As we would like to stop you from making a mistake that may cost you a lot of money, we are going to tell you why paying the ransom to the hackers behind Sodin Ransomware, .Besub, .Litar (or any other Ransomware) is perhaps not the most advisable “solution”. Naturally, the criminals that are blackmailing you really want you to send them the money and they are determined to do their best to convince you to follow their instructions. Typically, they promise to send you a special decryption key that is stored on their servers with the idea of “helping” you to regain access to your encrypted files. They also may give you a short deadline and may threaten to destroy that key if no ransom is paid within the given time. However, trusting the criminals and hoping that they will fulfill all of their promises once you give them your money is quite risky. Moreover, there is always a bothering possibility of paying the ransom and not obtaining anything in return. Not to mention that giving money to anonymous hackers is a direct form of sponsorship to their criminal practice. For this reason, what we would recommend is to opt for legitimate methods and alternatives that could help you remove the Sodin Virus and restore your files by other means. You can start by reviewing all potential solutions and ways to handle the Ransomware and give all of them a try, leaving the ransom payment as a final option if all else fails.
|Danger Level||High (Ransomware is by far the worst threat you can encounter)|
|Symptoms||Very few and unnoticeable ones before the ransom notification comes up.|
|Distribution Method||From fake ads and fake system requests to spam emails and contagious web pages.|
Remove Sodin Ransomware Guide
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: IP related to Sodin
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Sodin.
To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Sodin , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data – Sodin
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to Sodin Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
7: Sodin Decryption
The previous steps were all aimed at removing the Sodin Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.