AskCyberSecurity.com


Sodinokibi Ransomware is Targeting POS Software

2020-06-24 by Michelle Dvorak


Attackers Scanning for POS Software in New Sodinokibi Ransomware Campaign

Sodinokibi ransomware is being used to target credit card and point of sale (POS) terminal software. The goal of this cyber attack variation is not yet clear. So far, this cyber attack has targeted businesses in the services, food, and healthcare sectors, according to a report by cyber security researchers at Symantec’s Threat Intelligence team.

The malicious attackers are targeting large corporations that have the ability to pay the large ransoms that the Sodinokibi threat actors typically demand. In January, ZDNet reported that Sodinokibi’s average ransom demand was $260,000. It is not clear if Sodinokibi ransomware is being deployed to steal payment information from the POS software or to encrypt the systems with ransomware.


“The attackers are aiming to make a lot of money – for victims infected with Sodinokibi, the ransom requested is $50,000 in the Monero cryptocurrency if paid within the first three hours and $100,000 after that,” says the report from Symantec.

Monero is a cryptocurrency that is more difficult to trace than Bitcoin is.

Sodinokibi blog ransom note (Symantec)

The hackers are using Cobalt Strike commodity malware to infect compromised networks with Sodinokibi targeted ransomware. Hosting service Pastebin and Amazon’s CloudFront service are both legitimate services being used to host the malware. This is done so that the traffic coming from those services is more likely to get through malware detection.

Sodinokibi Malware

Sodinokibi is ransomware that targets enterprise organizations. Sodinokibi is also known as REvil and Sodin. The number of cyber attacks using this malware increased by 62 percent last year. One of its most high-profile attacks knocked foreign exchange service Travelex offline for a month. In the end, Travelex paid $2.3 million in ransom to recover its operations.

The hackers behind REvil are believed to be the same threat actors that launched GandCrab ransomware.  GandCrab was spread through spam emails and exploit kits. The threat actors targeted individuals and businesses running Microsoft Windows, but have since ceased operations.


Like the Maze ransomware hackers, the Sodinokibi hackers threaten to sell victims’ data online if their demands for money are not paid. Earlier this month, the REvil hackers set up a first-ever dark web auction site to sell off stolen data to the highest bidder. The data was stolen from Canadian agricultural company Agromart Group. During a dark web sale, hackers typically leak part of the compromised data online ahead of time, before it is put up for auction on the dark web.

Sodinokibi is also believed to be a ransomware-as-a-service (RaaS) operation. With RaaS, the hacker developers maintain the malware code and rent it to other hackers, called affiliates, who carry out their own cyber attacks. All proceeds are shared between the affiliate hackers and the developer hackers.  GandCrab ransomware is also a RaaS service.
