Hackers choose Monero to better hide their identities

A major ransomware group has announced that it will eventually remove Bitcoin as a payment option.

Although Bitcoin is the main currency demanded in many ransom cases, the situation may well change in the future as a major ransomware group shifts to another digital coin, Monero (XMR), for better security.

The cybersecurity website BleepingComputer recently reported that the Sodinokibi ransomware is shifting to Monero cryptocurrency payments.

The hackers behind Sodinokibi, a kind of ransomware that targets computers to encrypt data, are choosing Monero (XMR) because it makes ransom payments harder for law enforcement to track. The publication notes that the cybercriminals might completely stop accepting Bitcoin payments in the future.

According to the article, Europol has already acknowledged that a combination of Monero and Tor (open-source software for anonymous communication) makes it impossible to trace illegal funds or the identities of receivers. As Europol officer Jarek Jakubcek said, the police hit the end of the road there:

“Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.”

Meanwhile, the cybercriminals behind Sodinokibi announced on a forum last month that they are shifting to XMR payments, which are harder to trace.

Reportedly, the hackers said that they will eventually remove Bitcoin as a payment option. They also left a message for victims and law enforcement that “they need to begin to understand the new cryptocurrency”.

In fact, the criminals behind the Sodinokibi ransomware have already started to move away from Bitcoin by making Monero their default payment currency on Tor. Furthermore, they increase the amount by nearly 10% if victims decide to pay the ransom in Bitcoin.

Sodinokibi, also known as REvil, is a ransomware strain currently dominating the cyber extortion field. The ransomware mainly targets Windows computer systems to lock down their data. According to a Coveware report, the group was behind nearly 30% of ransom attacks made during the last quarter of 2019. In addition, the hacker group has recently been focusing on large companies and asking for seven-figure payouts.



Milko Trajcevski
