Sodinokibi Crypto Ransomware Switches from Bitcoin to Monero to Hide Money Trail

A kind of ransomware, malware that encrypts user data and asks for a ransom to restore access to it, has switched from Bitcoin (BTC) to Monero (XMR) to better protect the hackers’ identities.

According to an April 11 report by cybersecurity news outlet BleepingComputer, using Monero will make it harder for law enforcement to track ransom payments to the hackers behind Sodinokibi. As the article mentions, Europol strategy analyst Jarek Jakubcek explained during a February webinar how anoncoins influence legal investigations:

“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.”

“BTC will be removed”

Per the report, the hackers behind the Sodinokibi ransomware announced their switch to Monero in a post on a hacker and malware forum. In the post, the cybercriminals explicitly stated that the switch was meant to make it harder for law enforcement to track the money. The announcement reads:

“In this regard, we inform you that after a while the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us.”

In fact, the Sodinokibi payment website already pushes people away from paying with Bitcoin by setting the Bitcoin price 10% higher than the Monero price. Interestingly, the group also looks for partners who can get the data access back for the users at a discount so they can add a surcharge to it while.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told Cointelegraph that anoncoin use for…
