Sodinokibi Crypto-Ransomware Changes from Bitcoin to Monero
The operators of the Sodinokibi crypto-ransomware have been found to be switching from Bitcoin (BTC) to Monero (XMR) in an effort to protect their identities. Ransomware is malware that encrypts user data and demands a ransom to restore access to it. In the wake of COVID-19, hackers are using this strategy to steal from investors.
According to an April 11 report by BleepingComputer, a cybersecurity news outlet, the use of Monero will make it more challenging for law enforcement to track ransom payments to the hackers behind Sodinokibi. The report notes that Europol strategy analyst Jarek Jakubcek explained in a February webinar how anonymity-focused coins affect investigations:
“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible, and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended.”
This appears to be a typical example of the many earlier cases in which criminals moved funds from Bitcoin or Ethereum to Monero.
‘Bitcoin Will Be Removed’
According to the report, the hackers behind the Sodinokibi ransomware published a post on a hacker and malware forum stating that they had switched to Monero. In that post, they openly said that the move was intended to make it harder for law enforcement to track the money. The announcement read:
“In this regard, we inform you that after a while, the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us.”
Notably, the Sodinokibi payment website already discourages people from paying with Bitcoin by raising the price in that currency by up to 10% compared with the Monero price. The group is also seeking partners who help users regain access to their data, offering them discounted rates so that they can add their own surcharge.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told reporters that the use of anonymity-focused coins for ransomware payments is less common than most people would expect. He also believes that several other ransomware groups might follow the same strategy:
“While there are some instances of demands being made in alternative currencies, this will be the first time that a major ransomware group has settled on a currency other than Bitcoin. Like other businesses, criminal enterprises adopt strategies that have been proven to work and, accordingly, if this switch proves successful for REvil, we’d expect to see other groups begin to experiment with demands in currencies other than bitcoin.”
Ransom Attacks Are Increasing
Many analysts now believe that ransomware developed and distributed by well-organized cybercrime groups is currently the biggest cybersecurity threat. In that context, a UK-based firm recently paid hackers around $2.3 million in bitcoin after the Sodinokibi ransomware infected it.
Most investors and analysts fear that the current coronavirus pandemic will worsen the consequences of successful attacks on healthcare providers. Microsoft recently told hospitals to enhance their security infrastructure to avoid falling victim to these criminals’ ransomware attacks.
Crypto Holders Targeted By COVID-19 Scammers, FBI Warns
The Federal Bureau of Investigation (FBI) said that it expects an increase in the number of crypto-related scams connected to the coronavirus health crisis. The FBI warned in an April 13 press release that the expected surge would only be fueled by more people joining the crypto industry.
The elderly are the easiest targets. Nonetheless, the FBI believes that people of all ages could be victimized. The press release reads:
“There are not only numerous virtual asset service providers online but also thousands of cryptocurrency kiosks located throughout the world which are exploited by criminals to facilitate their schemes. Many traditional financial crimes and money laundering schemes are now orchestrated via cryptocurrencies.”
The agency warned Americans to be on the lookout for work-from-home scams, blackmail attempts, fake coronavirus treatments or preventive measures, and some of the traditional investment scams. The most common are emails or letters in which the author threatens to infect the victim or their family with COVID-19 unless a payment is made to a provided Bitcoin wallet address.
Some criminals have tried to steal crypto by tricking people into thinking that they are sending Bitcoin donations to the World Health Organization (WHO) to combat the pandemic. The FBI advises people to verify the authenticity of charities before sending their contributions.