This ransomware has learned a new trick: Scanning for point of sales devices | ZDNet

This ransomware has learned a new trick: Scanning for point of sales devices

Already one of the most dangerous forms of ransomware, now Sodinokibi looks like it could also be attempting to make money from stolen payment information too.

Why ransomware has become the biggest cyber threat to your network in 2020

One of the world's most prolific and successful ransomware groups is now scanning the networks of victims to check for credit card and point of sale (PoS) software in what looks to be an additional method of making money from attacks.

Sodinokibi – also known as REvil – emerged in April 2019 and it has gone onto be one of the most damaging families of ransomware in the world today.

Networks of a number of Download the free PDF version (TechRepublic)

In a significant percentage of cases, the victim feels as if researchers at Symantec have spotted a new element in recent campaigns, with the attackers scanning compromised networks for PoS software.

It's possible that the attackers could be looking to scrape this information as a means of making additional money from campaigns, either by directly using the payment information themselves to raid accounts, or to sell it on to others on underground forums.

This wouldn't be the first time the hackers behind Sodinokibi have looked to exploit data they've compromised in attack; US mayors resolve not to pay hackers over ransomware attacks CNET

  • Ransomware attacks on businesses up 365% this year TechRepublic
  • Ransomware: Why we're still losing the fight – and the changes you need to make, before it's too late