Blog | G5 Cyber Security

Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers

A deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows a remote, unauthenticated attacker to execute code on the server and take full control of it, either to install malware or to use it as a launchpad for further attacks. Oracle has released a patch for this flaw, and it should be installed immediately; unpatched servers are being exploited to deploy the Sodinokibi ransomware.

Once it is running on the server, Sodinokibi issues commands to delete shadow volume copies and disable Windows startup repair so that the victim cannot recover files from local snapshots. When encrypting files, it appends a random extension that is unique to each infected machine. The ransom note points the victim to a payment site; when the victim visits it, they are shown the ransom amount and a bitcoin address.
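The shadow-copy deletion and startup-repair tampering described above are easy to spot in process-creation telemetry, because the ransomware has to invoke standard Windows tools (vssadmin, wmic, bcdedit) to do it. The following Python is an added example, not code from the original post or from BleepingComputer: it runs a small set of detection rules over constructed process-creation events (the hosts, parent image paths and command lines are made up for this illustration, including the hypothetical `dropper.exe` parent) and rates a single command line that does both things at once as high severity.

```python
import re
from dataclasses import dataclass

# Constructed process-creation events in the shape a parsed Sysmon Event ID 1 /
# EDR feed would provide. These are NOT real telemetry from the incident above;
# the command lines reproduce the two behaviours the post describes.
SAMPLE_EVENTS = [
    {"host": "web01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmd": "vssadmin.exe list shadows"},                        # benign admin use
    {"host": "web01", "parent": r"C:\Users\Public\dropper.exe",  # hypothetical dropper
     "cmd": ("cmd /c vssadmin.exe Delete Shadows /All /Quiet "
             "& bcdedit /set {default} recoveryenabled No "
             "& bcdedit /set {default} bootstatuspolicy ignoreallfailures")},
    {"host": "db02", "parent": r"C:\Windows\explorer.exe",
     "cmd": "wmic shadowcopy delete"},
    {"host": "db02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmd": "bcdedit /enum"},                                    # benign
]

# Each technique has several command-line spellings; any one match is enough.
TECHNIQUES = {
    "shadow_copy_deletion": [
        re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
        re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "startup_repair_disabled": [
        re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I),
        re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\b\s+ignoreallfailures\b", re.I),
    ],
}


@dataclass
class Finding:
    host: str
    parent: str
    techniques: tuple
    severity: str
    cmd: str


def classify(cmd: str) -> tuple:
    """Return the names of every technique whose patterns match this command line."""
    return tuple(name for name, pats in TECHNIQUES.items()
                 if any(p.search(cmd) for p in pats))


def detect(events) -> list:
    """Run the rules over parsed events. One command line that both deletes
    shadow copies and disables startup repair is the chained pattern ransomware
    favours, so it is rated high; either behaviour on its own is medium."""
    findings = []
    for ev in events:
        hit = classify(ev["cmd"])
        if not hit:
            continue
        severity = "high" if len(hit) == len(TECHNIQUES) else "medium"
        findings.append(Finding(ev["host"], ev["parent"], hit, severity, ev["cmd"]))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.host} parent={f.parent} "
              f"techniques={','.join(f.techniques)}")
        print(f"    {f.cmd}")
```

Run against the sample events, this flags the chained command on web01 as high and the lone `wmic shadowcopy delete` on db02 as medium, while the `list shadows` and `bcdedit /enum` lines stay quiet. An attacker who splits the commands into separate processes will produce two medium findings on the same host within seconds of each other, so in a real pipeline you would also correlate by host and time window rather than relying on the single-line chained pattern alone.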

Source: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-being-installed-on-exploited-weblogic-servers/
