How to remove Sodinokibi ransomware from Mac




Cannot open files, files encrypted, the ransom message

Infection methodInfected emails attachments, torrent files, malicious ads

System damage

All files are encrypted and personal data leaked


Manual removal with CleanMyMac X antimalware tool

Ransomware has one purpose when it attacks a computer — to get money from you. The Sodinokibi malware is no exception. You can tell it has infected your computer when all of your files are encrypted, and it will typically display a ransom note with instructions on how to pay the hackers.

The unfortunate thing is that even if you remove the ransomware from your computer, your files will still be locked. And while there are a handful of apps that claim to be able to unencrypt your files from a ransomware attack, it’s best not even to try. A lot of those apps will only further damage your files. 

Once you’ve gotten to this point, the only two options you have are to erase everything on your hard drive and start fresh or follow the ransom note’s instructions and hope for the best. The latter is not recommended, though. Instead, we recommend restoring your Mac from a reliable backup if you have made one before having your files encrypted. 

How did it get on my computer?

Typically, ransomware infects computers by coming in through a malicious email attachment. But they can get on your Mac with the torrent files you download or dubious ads that trick you into running apps.

If your computer does end up infected with Sodinokibi, the best thing you can do is disconnect any device you might have connected and get it off the internet. Ransomware can spread to other computers on the same network, and if you have an external hard drive plugged in, it’s likely to also encrypt the files on there.

How to remove Sodinokibi from your Mac

As you’ve read earlier, once Sodinokibi has encrypted the files on your computer, there’s not much you can do. But if you’re not going to wipe your hard drive, then you’ll want to get rid of any trace of Sodinokibi. Follow these steps to remove Sodinokibi from your Mac:

  1. In Finder, click Go > Applications > Utilities.
  2. Open Activity Monitor.
  3. Look for any process that looks suspicious. Typically, it will be one that appears to be generic but is using up a lot of processing resources. 
  4. Select that process and click the “X” icon in the top left.
  5. Confirm to Force Quit the apps.
  6. Then, back in Finder, click Go > Go to Folder.
  7. Type Library/LaunchAgents in the dialogue box and hit Go.
  8. Again, see if you have any suspicious files in there, and then just delete them.

Repeat steps 6-8, but when you get to Step 7, copy and paste one of these other folders:

  • ~/Library/Application Support
  • ~/Library/LaunchAgents
  • /Library/LaunchDaemons

After you’ve finished getting rid of any support files Sodinokibi installed, the last thing you’ll want to check for is any apps it might have installed.

  1. Open a new Finder window.
  2. Click Go > Applications.
  3. Find anything related to Sodinokibi and right-click on it.
  4. Select Move to Trash.
  5. Then, right-click on the Trash icon in your dock and select Empty Trash.

Now that you’ve gotten rid of everything, you should restart your computer just to make sure there’s nothing dubious running or lurking in the background.

Get rid of other malware on your computer

One of the ways ransomware like Sodinokibi can end up on your computer is through other malware installed. So, to help protect your Mac from other malware, it’s a good idea to scan it with CleanMyMac X periodically. It can quickly find and remove malware and other harmful software that’s trying to hide on your computer.

This is all there is to get rid of malware using CleanMyMac X:

  1. Download CleanMyMac X here.
  2. Install and open the app.
  3. Click Malware Removal in the sidebar.
  4. Then hit the Scan button. If any threat has been found, click Remove.
Scan completed in malware removal module of CMMX

Anytime you uninstall an app, if you don’t use an uninstaller, it can leave behind support files that may leave your Mac vulnerable and exposed to other apps and malware. That’s why CleanMyMac X also has an Uninstaller feature that removes app leftovers and helps delete apps completely:

  1. Open CleanMyMac X (download its free edition here).
  2. In the sidebar, click Uninstaller.
  3. Click the Leftovers category.
  4. Select all the apps listed and then hit the Uninstall button.

That’s really how simple it is to help keep your computer protected with CleanMyMac X.

Sodinokibi and other ransomware are not something you ever want to have to deal with. But there are two things you can do now to help protect your computer and your data. First, make sure you have a reliable backup, and second, regularly scan your Mac for malware.

If you have a reliable backup, then wiping your entire hard drive and restoring those files will become an easy decision when all of your files get encrypted. Sure, it’ll be a bit of a headache, but at least it will save you thousands of dollars, and you’ll still have your data.

Using an app like CleanMyMac X to scan for malware can make all the difference in keeping your data secure. It will protect your computer from any vulnerabilities and help expose any suspicious software that might be hiding on your hard drive.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.