Monitoring the attackers

Monitoring the attackers

5 years ago
Anonymous $JavybBYWR5

https://www.bleepingcomputer.com/news/security/tools-and-tactics-of-the-sodinokibi-ransomware-distributors/

Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.

As part of the Sodinokibi ransomware-as-a-service, ransomware executables are tagged with an affiliate's IDs and sub IDs in order to track who infected the victim and which affiliate should earn a commission for a payment.