Sodinokibi Ransomware Operators Target POS Software
2020-06-24 19:05

The threat actor behind the Sodinokibi ransomware was observed scanning victim networks for credit card or point-of-sale (PoS) software.

An off-the-shelf tool, Cobalt Strike is employed by a broad range of threat actors, including multiple ransomware gangs.

The Sodinokibi ransomware was deployed in the environments of organizations in the services, food, and healthcare sectors, which appear to have been chosen for their size, as the attackers were looking to receive large ransom payments.

The Sodinokibi ransomware was deployed on the systems of three organizations.

"While many of the elements of this attack are 'typical' tactics seen in previous attacks using Sodinokibi, the scanning of victim systems for PoS software is interesting, as this is not typically something you see happening alongside targeted ransomware attacks. It will be interesting to see if this was just opportunistic activity in this campaign, or if it is set to be a new tactic adopted by targeted ransomware gangs," Symantec concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/s3opW43_PNQ/sodinokibi-ransomware-operators-target-pos-software