Sodinokibi Ransomware affiliates are using a wide range of tactics to distribute the ransomware and earn a commission. The GandCrab operation has shut down and affiliates are looking to fill the hole left behind with other ransomware. These attacks involve hacking into managed service providers (MSPs) to push the ransomware to managed endpoints. One attack appeared to have used the MSP’s Kaseya VSA console to push a file called 1488.bat to end points and execute it.
Source: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-spreads-wide-via-hacked-msps-sites-and-spam/

