Researchers at Symantec have spotted a Sodinokibi targeted ransomware campaign in which the attackers are also scanning the networks of some victims for credit card or point of sale software. Eight organizations had the Cobalt Strike commodity malware on their systems, with three of the victims subsequently infected with the SodInokibi ransomware. The attackers are using legitimate infrastructure to store their payload and for their command and control (C&C) server. The tactics employed in this attack campaign are tactics commonly used by targeted ransomware gangs.”]

