Hackers exploit the recently disclosed Oracle WebLogic Server remote code execution vulnerability to install a new variant of ransomware called Sodinokibi. The vulnerability allows anyone with HTTP access to the server to carry out the attack without authentication. The infection starts with an HTTP POST request that contains a PowerShell or certutil command to download the malicious files and execute them. Once the infection is triggered, it executes the vssadmin.exe utility, which adds shadowstorage that allows Windows to create a manual or automatic backup. The ransomware tries to delete the backup mechanism to stop the data recovery process.
Source: https://gbhackers.com/oracle-weblogic-zero-day-with-ransomware/
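The chain described above (a POST request carrying a PowerShell or certutil command, followed by vssadmin.exe on the same server) can be hunted for by correlating web and process logs. The following is an added example, not code from the article: the record layout, host names, timestamps and the 30-minute window are assumptions, and request bodies are assumed to be already decoded.

```python
import re
from datetime import datetime, timedelta

# Tool names the article says appear in the POST request.
DOWNLOADER = re.compile(r"\b(powershell|certutil)(\.exe)?\b", re.I)
VSSADMIN = re.compile(r"\bvssadmin(\.exe)?\b", re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample records, not taken from the article.
HTTP_LOG = [
    {"ts": "2019-01-01T10:00:00", "host": "wls01", "method": "POST",
     "body": "<string>powershell.exe -Command [constructed]</string>"},
    {"ts": "2019-01-01T10:05:00", "host": "wls02", "method": "POST",
     "body": "<order><id>42</id></order>"},
    {"ts": "2019-01-01T11:00:00", "host": "wls03", "method": "POST",
     "body": "<string>CertUtil [constructed args]</string>"},
]
PROC_LOG = [
    {"ts": "2019-01-01T10:02:10", "host": "wls01",
     "cmdline": "vssadmin.exe [constructed args]"},
    {"ts": "2019-01-01T10:06:00", "host": "wls02",
     "cmdline": "vssadmin.exe [constructed args]"},
    {"ts": "2019-01-01T13:30:00", "host": "wls03",
     "cmdline": "vssadmin.exe [constructed args]"},
]

def _t(rec):
    return datetime.fromisoformat(rec["ts"])

def suspicious_posts(http_log):
    """POST requests whose body names PowerShell or certutil."""
    return [r for r in http_log
            if r["method"].upper() == "POST" and DOWNLOADER.search(r["body"])]

def correlate(http_log, proc_log, window=WINDOW):
    """Return (host, severity) per flagged POST: 'high' when vssadmin ran on
    the same host within `window` after the request, otherwise 'medium'."""
    findings = []
    for post in suspicious_posts(http_log):
        followed = any(
            p["host"] == post["host"] and VSSADMIN.search(p["cmdline"])
            and timedelta(0) <= _t(p) - _t(post) <= window
            for p in proc_log)
        findings.append((post["host"], "high" if followed else "medium"))
    return findings

if __name__ == "__main__":
    for host, severity in correlate(HTTP_LOG, PROC_LOG):
        print(f"{host}: {severity}")
```

A vssadmin.exe run with no preceding flagged POST (wls02 in the sample) is not reported here, since administrators and backup tools also invoke it.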