With a prolific criminal group such as Sodinokibi moving towards only using Monero, other ransomware and groups will likely follow. Because of the anonymity of Monero, the criminals may believe that law enforcement will have a harder time tracking the money. The group stated that they want to work with incident response companies to help companies get a decryptor, but this poses major issues for the victim and the incident response company. Although the threat actors state they will keep this information private, it is impossible to know whether they actually will or not. Defenders should place monitoring on their networks and endpoints to detect intrusions and prevent initial intrusions. A service such as Binary Defense’s Managed Detection and Response would be able to better protect companies from ransomware threats before they escalate. More about this can be read here: https://securityaffairs.co/wordpress/101483/cyber-crime/sodinokibi-ransomware-monero.html