Sodinokibi Ransomware crew chooses Monero for ransom payments

Pierluigi Paganini April 13, 2020

The crew behind the Sodinokibi Ransomware plans to stop accepting Bitcoin and switched on Monero cryptocurrency to hide the money trail.

The gang behind the Sodinokibi Ransomware has started accepting the Monero cryptocurrency instead of Bitcoin to make it harder investigation by law enforcement agencies.

The crew is planning to doesn’t allow bitcoin payments in the future.

The use of the Tor anonymized network to make Monero payments makes it impossible to trace the funds and attempt to de-anonymize the threat actors behind the campaign.

Any transaction in the Monero cryptocurrency scheme is anonymous due to the CryptoNote application layer protocol and the obfuscation implements into the protocol.

Sodinokibi operators announced that they will remove Bitcoin as an accepted payment method.

“In this regard, we inform you that after a while the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us,” Sodinokibi operators declared.

“On the Sodinokibi Tor payment site, the ransomware operators have already started to move away from bitcoin by making Monero the default payment currency.” reported BleepingComputer.

Sodinokibi monero

To discourage the use of Bitcoin, the crooks increase the Bitcoin ransom amount by 10% respecting Monero ones.

The Sodinokibi operators are also offering a discount to the companies that will assist their victims in paying the ransom. In many cases, victims of ransomware pay companies to assist them in recover the data and if necessary to contact the ransomware gang to pay for the descriptor. Sodinokibi operators are offering to these companies a significant discount that could be added to their fee.

“Companies that assist our victims in acquiring the decryptor will be pleasantly surprised by the% discount on the amount of the ransom. In order to start working with us, it is enough to write in a chat and introduce yourself as a company of this type of activity. Our collaboration is completely anonymous. We do not disclose the data of our partners,” states the ransomware operators.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment