An Extra Source of Income
Sodinokibi, also known as REvil ransomware is infamous for attacks on Travelex, GEDIA automotive, and many other companies in the past. It’s active since April 2019 and has been following the footsteps of Maze ransomware gang like attacking enterprises over individuals and leaking stolen data of victim fails to pay on time. All these acts have earned Sodinokibi much fame in a short span among the ransomware industry. And now, the group’s found to be doing an extra activity on its victims that could garner even more money. According to Symantec, Sodinokibi has been scanning the Point of Sale (PoS) software in the victim’s network to scrape sensitive data like credit card details. These can be used for direct exploitation of victims or grouping them and selling in underground forums. Either way earns money to operators. Besides earning from ransom, Sodinokibi is trying to find yet another way of squeezing money from its victim. Symantec researchers said that food, services, and healthcare industries were targeted on these new operations, with the former two targeted more severely. The attackers here were exploiting zero-day vulnerabilities in Windows, that was addressed back in 2018. Yet, many companies neglect to patch and fall prey for ransomware gangs. Via: ZDNet