
The Sodinokibi ransomware perpetrators now shift to a non-traceable cryptocurrency – Monero

The Sodinokibi ransomware operators now accept only Monero as the cryptocurrency for ransom payments, abandoning the use of Bitcoin.

Ransomware is a kind of malware that takes control of victim systems and locks them down until the demanded ransom is paid, under the threat of leaking sensitive and confidential data onto the public internet. Sodinokibi/REvil is one such ransomware. It is a threat that grows more prominent and more damaging with each passing day. Recent reports on Sodinokibi ransomware cases describe a staggering demand of USD 2.3 million in BTC.

But, in a somewhat surprising turn of events, the ransomware operators are now demanding that the ransom be paid in a different cryptocurrency, Monero, instead of BTC, according to a recent report posted on BleepingComputer. This is a significant move: it indicates how private, third-party administered coins are now preferred over the mainstream cryptocurrency by these well-organized cybercrime groups, because such coins help them go undetected by law enforcement.

The developers of the Sodinokibi ransomware have highlighted the same point on a hacker and malware forum. They mention that, with a privatized cryptocurrency, it is tough for the cybercrime wing to detect and trace the perpetrators, or even to trace the transfer of the ransom digitally. The developers go further, adding that they will soon abandon demanding payment in BTC and shift completely to Monero; hence, their victims will have to familiarize themselves with obtaining and using that type of cryptocurrency. On the Sodinokibi Tor ransom payment site, they have already made the shift from BTC to Monero by making Monero the default payment option. They have also added that an additional 10% of the ransom will be charged to those who still want to pay in BTC.

The developers further point out that, because privacy features such as obfuscation are included in the protocol, passive mixing is available. These anonymity features give all Monero users on the network plausible deniability in case they are caught or brought to the notice of the authorities. They also encourage “other interested parties who work with us” to learn more about the token in use.

They say that all other companies that come forward to help their victims obtain the private key decryptor will be awarded a portion of the ransom. They state that “Our collaboration is completely anonymous. We do not disclose the data from our partners”. This implies that the data recovery teams that help the victims, which typically add a surcharge when hired, will make an even more substantial profit from the additional discount by helping victims switch over to Monero.

For the cybercrime wing, any activity that happens on the BTC blockchain is visible, which gives them leads when investigating a case. But with third-party administrator-run currencies like Monero, the blockchain is typically the point where the investigation ends.

In a 2019 webinar called “The functionality of privacy coins,” Jarek Jakubcek concurred that the combination of Tor and Monero made the funds transferred to the developers untraceable. He went on to add that “Since the suspect uses a combination of Tor and privacy coins, the funds go untraceable. We could not trace the IP addresses, which means that we hit the end of the road.”