
Although there are many cases where Bitcoin appears as the main currency to be paid for the ransom, it is very possible that the situation will change in the future as a major ransomware group shifts to another digital coin – Monero (XMR) – for better security.
The cybersecurity website BleepingComputer recently reported on Sodinokibi ransomware shifting to Monero cryptocurrency payments.
Hackers behind Sodinokibi, a kind of ransomware that targets computers to encrypt data, are choosing Monero (XMR) because it makes ransom payments harder for law enforcement to track. The publication notes that cybercriminals might completely stop accepting Bitcoin payments in the future.
According to the article, Europol has already acknowledged that a combination of Monero and Tor (open-source software for anonymous communication) makes it impossible to trace illegal funds or the identities of receivers. As Europol officer Jarek Jakubcek said, the police hit the end of the road there:
"Whatever happened on the Bitcoin blockchain was visible and that's why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero."
Meanwhile, the cybercriminals behind Sodinokibi made a forum announcement last month that they are shifting to XMR payments, which are harder to trace.
Reportedly, the hackers said that they will eventually remove Bitcoin as a payment option. They also left a message for victims and law enforcement that "they need to begin to understand the new cryptocurrency".
In fact, the criminals behind the Sodinokibi ransomware have already started to move away from Bitcoin by making Monero their default payment currency on Tor. Furthermore, they increase the amount by nearly 10% if victims decide to pay the ransom in Bitcoin.
Sodinokibi, also known as REvil, is ransomware currently dominating the cyber extortion field. The ransomware mainly targets Windows computer systems to lock down the data. According to a Coveware report, the group was behind nearly 30% of ransomware attacks made during the last quarter of 2019. In addition, the group has recently been focusing on large companies and asking for seven-figure payouts.