Sodinokibi Ransomware is Targeting POS Software

2020-06-24 by Michelle Dvorak

Attackers Scanning for POS Software in New Sodinokibi Ransomware Campaign

Sodinokibi ransomware is being used to target credit card and point of sale (POS) terminal software. The goal of this cyber attack variation is not yet clear. So far, this cyber attack has targeted businesses in the services, food, and healthcare sectors, according to a report by cyber security researchers at Symantec’s Threat Intelligence team.

The malicious attackers are targeting large corporations that have the ability to pay the large ransoms that the Sodinokibi threat actors typically demand. In January, ZDNet reported that Sodinokibi’s average ransom demand was $260,000. It is not clear if Sodinokibi ransomware is being deployed to steal payment information from the POS software or to encrypt the systems with ransomware.

“The attackers are aiming to make a lot of money – for victims infected with Sodinokibi, the ransom requested is $50,000 in the Monero cryptocurrency if paid within the first three hours and $100,000 after that,” says the report from Symantec.

Monero is a cryptocurrency that is more difficult to trace than Bitcoin is.

Sodinokibi blog ransom note (Symantec)

The hackers are using Cobalt Strike commodity malware to infect compromised networks with Sodinokibi targeted ransomware. Hosting service Pastebin and Amazon’s CloudFront service are both legitimate services being used to host the malware. This is done so that traffic coming from those services is more likely to get through malware detection.

Sodinokibi Malware

Sodinokibi is a ransomware that targets enterprise organizations. Sodinokibi is also known as REvil and Sodin. The number of cyber attacks using this malware increased by 62 percent last year. One of its most high-profile attacks knocked foreign exchange service Travelex offline for a month. In the end, Travelex paid $2.3 million in ransom to recover its operations.

The hackers behind REvil are believed to be the same threat actors that launched GandCrab ransomware. GandCrab was spread through spam emails and exploit kits. The threat actors targeted individuals and businesses running Microsoft Windows, but have since ceased operations.

Like the Maze ransomware hackers, the Sodinokibi hackers threaten to sell victims’ data online if their demands for money are not paid. Earlier this month, the REvil hackers set up a first-ever dark web auction site to sell off stolen data to the highest bidder. The data was stolen from Canadian agricultural company Agromart Group. During a dark web sale, hackers typically leak part of the compromised data online ahead of time, before it is put up for auction on the dark web.

Sodinokibi is also believed to be a ransomware-as-a-service (RaaS) operation. With RaaS, the hacker developers maintain the malware code and rent it to other hackers, called affiliates, who carry out their own cyber attacks. All proceeds are shared between the affiliate hackers and the developer hackers. GandCrab ransomware is also a RaaS service.