Sodinokibi ransomware abandons Bitcoin and switches to Monero

Sodinokibi switches from Bitcoin to Monero
Written by Emma Davis

The Bleeping Computer magazine drew attention to the fact that the Sodinokibi (REvil) malware developers soon will not accept ransoms in Bitcoin. They believe that it is unsafe, because these payments can track law enforcement agencies. Instead, hackers are switching to Monero cryptocurrency.

In 2019, Europol experts said that using the “bundle” of Tor and Monero makes almost impossible tracking funds and the attackers who received them.

Since the suspect used a combination of Tor and anonymous coins, we could not track the funds. We were not able to track the IP addresses. This means that we have reached the end of the path. Everything that happened on the Bitcoin blockchain, it was visible, and therefore we were able to advance quite far in the investigation. However, our options for investigation ended with application of the Monero blockchain. This is a classic example of one of several cases where a suspect decided to transfer funds from Bitcoin or Ethereum to Monero”, – said law enforcement officers at a webinar.

Obviously, operators of the Sodinokibi malware (researchers consider it to be the heiress of the famous GandCrab) are also following similar principles, as the group recently announced that it is beginning to accept ransoms in the Monero cryptocurrency, in order to complicate the work of law enforcement agencies.

In 2017, Europol expressed concern about the growing popularity of Monero, and in 2020, Europol officially announced that Monero could not be traced.

Thanks to CryptoNote and obfuscation added to the protocol, passive mixing is provided: all transactions in the system are anonymous, and all participants in the system can use plausible denial. The combination of the anonymous browser Tor and Monero may well make a person’s financial activity completely invisible to the police and government agencies. We are extremely concerned about anonymity and security, so we have begun a “forced” transition from BTC to Monero”, – write BleepingComputer reporters.

Creators of the malware write that they are still accepting payment in Bitcoin, but soon the victims will have to learn more about Monero and ways of getting it. Soon, the group plans completely abandon the use of BTC (both as ransoms and as payment for services from its “partners”).

Sodinokibi switches from Bitcoin to Monero

Journalists note that on the Sodinokibi payment site, the Monero cryptocurrency has already become the default payment method. If the victim wants to use Bitcoin to pay the ransom, the amount increases by 10%, but for the use of Monero, on the contrary, they promise “discounts”.

Let me remind you that Sodinokibi is one of the most effective threats of the last 9 months – for example, before the New Year, Sodinokibi ransomware operators demanded $6 billion from Travelex.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.


  1. Ray April 15, 2020
  2. Lâm minh công April 22, 2020

Leave a Reply