Already one of the most dangerous forms of ransomware, now Sodinokibi looks like it could also be attempting to make money from stolen payment information too.
Sodinokibi – also known as REvil – emerged in April 2019 and it has gone onto be one of the most damaging families of ransomware in the world today.
But now researchers at Symantec have spotted a new element in recent campaigns, with the attackers scanning compromised networks for PoS software.
It’s possible that the attackers could be looking to scrape this information as means of making additional money from campaigns, either by directly using the payment information themselves to raid accounts, or to sell it on to others on underground forums.
This wouldn’t be the first time the hackers behind Sodinokibi have looked to exploit data they’ve compromised in attack; along with the Maze ransomware group, they’ve threatened to release information stolen from victims if they don’t pay the ransom – and they’re now auctioning it off to the highest bidder.
Sodinokibi’s new PoS scanning technique has been spotted in a campaign targeting the services, food and healthcare sectors. Researchers describe the two victims in the food and services arena as large, multi-site organisations that would be seen by attackers as capable of paying a large ransom.
Therefore, one of the best ways an organisation can prevent itself from falling victim to Sodinokibi – and many other ransomware or malware attacks – is to ensure the network is patched with the most recent security updates to protect against known vulnerabilities.
Free Ransomware Simulator Tool
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 18 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.
Here’s how it works:
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 19 types of infection scenarios
- Just download the install and run it
- Results in a few minutes!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW