Hackers Use Monero Instead of Bitcoin to Cover Money Trail
A ransomware strain, a type of malware that encrypts user data and demands a large sum to restore access, has shifted from Bitcoin (BTC) to Monero (XMR) to better protect the identities of the hackers behind it.
According to cybersecurity news publication BleepingComputer, the use of Monero will make it difficult for regulatory agencies to trace ransom payments sent to the hackers behind Sodinokibi. As the report indicates, Europol data analyst Jarek Jakubcek detailed how privacy coins affect investigations in a February webinar.
“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classic example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.”
According to the report, the hackers behind the Sodinokibi ransomware revealed their shift to Monero (XMR) through a post on a forum dedicated to hacking and malware.
In their post, the cybercriminals clearly stated that the decision to shift was made to make it harder for regulatory agencies to trace the payments. The announcement said:
“In this regard, we inform you that after a while the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us.”
In fact, the Sodinokibi payment webpage has already started pushing victims to pay in Monero by adding a 10% premium to the prevailing Bitcoin price.
Notably, the group is seeking associates who can offer victims the service of restoring access to their data at a lower price, and who profit by adding a commission on top.
Brett Callow, a security analyst at cybersecurity company Emsisoft, stated that the use of privacy coins for ransomware payments is not a regular occurrence.
He also stated that he would hardly be surprised if other ransomware groups adopted this strategy:
“While there are some instances of demands being made in alternative currencies, this will be the first time that a major ransomware group has settled on a currency other than Bitcoin. Like other businesses, criminal enterprises adopt strategies that have been proven to work and, accordingly, if this switch proves successful for REvil, we’d expect to see other groups begin to experiment with demands in currencies other than bitcoin.”
Cybersecurity professionals regard ransomware created and spread by highly organized cybercrime teams as the most dangerous threat.
A UK-based company recently paid hackers nearly $2.30 million in Bitcoin after being infected by Sodinokibi ransomware.
Cybersecurity professionals are worried that the COVID-19 pandemic will multiply the negative effect of successful attacks on healthcare service providers.
To counter the threat, Microsoft warned hospitals that are susceptible to ransomware intrusions.