Security News > 2020 > June > Sodinokibi Ransomware Now Scans Networks For PoS Systems

Sodinokibi Ransomware Now Scans Networks For PoS Systems
2020-06-23 20:35

Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims' networks for credit card or point of sale software.

It's not yet clear whether the attackers are targeting this PoS software to encrypt it as part of the ransomware attack, or because they want to scrape the credit card information on the systems as a way to make even more money in addition to the ransomware attack.

"While many of the elements of this attack are 'typical' tactics seen in previous attacks using Sodinokibi, the scanning of victim systems for PoS software is interesting, as this is not typically something you see happening alongside targeted ransomware attacks," said Symantec researchers in a Tuesday analysis.

Attackers would not execute the ransomware on all of these firms - only three of the eight Cobalt Strike victims were found to be additionally infected by the Sodinokibi ransomware.

On certain companies, the attacker would then download the Sodinokibi ransomware.


News URL

https://threatpost.com/sodinokibi-ransomware-now-scans-networks-for-pos-systems/156855/