New encrypt and open locked files features for Sodinokibi ransomware

The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process. Some applications, such as database or mail servers, will lock files that they have open so that other programs cannot modify them. These file locks prevent the data from being corrupted by two processes writing to a file at the same time. When a file is locked, this also prevents ransomware applications from encrypting them without first shutting down the process that locked the file.

Source: Bleeping Computer

The post New encrypt and open locked files features for Sodinokibi ransomware appeared first on IT Security Guru.