Sodinokibi ransomware operators take steps to avoid detection

The operators of Sodinokibi, one of the most prolific ransomware variants, have announced the intention to abandon Bitcoin as means of ransom payment, in a move designed to ensure their identities remain concealed from law enforcement.

Ransomware is a type of malware that encrypts information on the victim’s network. The hacker then demands payment – traditionally in Bitcoin – in exchange for the decryption key.

According to Bleeping Computer, the Sodinokibi operators posted a message on a hacking forum explaining Bitcoin will be replaced with alternative cryptocurrency Monero.

“We are extremely worried about the anonymity and security of our adverts, so we began a “forced” transition from the BTC to Monero,” the messaged reportedly stated.

“The combination of an anonymous browser Tor and Monero can quite successfully make a person’s financial activity completely invisible to the police and government agencies.”

Linking a Monero wallet to an individual is said to be far more challenging, leading some to describe Monero as a “privacy coin”.

Last year, Europol confirmed that Monero, especially when used in combination with the Tor browser, is near impossible to track.

“Since the suspect used a combination of Tor and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road,” said Europol’s Jerek Jakubcek.

“Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended.”