One of the world's most prolific and successful ransomware groups is now scanning the networks of victims to check for credit card and point of sale (PoS) software in what looks to be an additional method of making money from attacks.
Sodinokibi – also known as REvil – emerged in April 2019 and it has gone on to be one of the most damaging families of ransomware in the world today.
Networks of a number of
In a significant percentage of cases, the victim feels as if
Researchers at Symantec have spotted a new element in recent campaigns, with the attackers scanning compromised networks for PoS software.
It's possible that the attackers could be looking to scrape this information as a means of making additional money from campaigns, either by directly using the payment information themselves to raid accounts, or by selling it on to others on underground forums.
This wouldn't be the first time the hackers behind Sodinokibi have looked to exploit data they've compromised in an attack;