Sodinokibi Switch To Monero To Hide Cash Trail

By XcelToken Plus, published in XcelPay Magazine, May 8, 2020

To protect the hackers' identity, the Sodinokibi ransomware switched from Bitcoin to Monero. If you are wondering what ransomware is, it is malware that infects your device, encrypts your data and asks for a ransom to restore access to it.

According to an April 11, 2020 report by cybersecurity news outlet BleepingComputer, the use of Monero makes it harder for law enforcement to track ransom payments.

“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.” (Source: THE FUNCTIONALITY OF PRIVACY COINS WEBINAR)

As per the report, the hackers behind the Sodinokibi ransomware posted on a hacker and malware forum an announcement regarding their switch to Monero. In the post, the cybercriminals explicitly stated that the switch was meant to make it harder for law enforcement to track the money.

In fact, the Sodinokibi payment website already pushes people away from paying with Bitcoin by increasing the price in the currency by 10% compared to the Monero price. Interestingly, the group also looks for partners who can get the data access back for the users at a discount so they can add a surcharge to it while.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told Cointelegraph that the use of anoncoins for ransomware ransom payments is less common than many would expect.
