REvil ransomware gang cheats its own affiliates to steal the latter's cut of the ransom, keeping the entire payment from the victim.
REvil Ransomware Gang Cheats Affiliates
It turns out that the notorious Russia-based cybercriminal group is even fooling its own affiliates during ransomware operations to avoid paying out any cut to the other groups it works with.
As per Bleeping Computer, REvil's scheme has been the talk of the town, at least in underground forums.
It comes as some former partners of the Russian ransomware gang revealed their bad experiences with the criminal group.
However, malware developers and cybersecurity researchers only recently confirmed this pattern in REvil's ransomware operations, which prevents collaborators from earning their cut.
REvil Ransomware Group
The notorious Russian ransomware gang, which goes by the names REvil and Sodinokibi, first attacked firms in 2019.
In 2021, the ransomware group orchestrated massive cyberattacks that even disrupted the supply of essential goods, such as meat.
On top of that, the Russian gang was also behind the largest ransomware attack in terms of the number of affected firms, carried out by infiltrating the systems of the popular IT provider Kaseya.
To be precise, about 1,500 companies were affected by the Kaseya cyberattack.
However, after this massive attack affecting thousands of firms, the Russian ransomware gang suddenly disappeared into thin air, leaving no online trace at all.
But it seems that the notorious ransomware gang has not stopped its operations despite vanishing after the Kaseya attack.
How the REvil Backdoor Works
Security experts recently confirmed that REvil is using a backdoor and double chats to cut its partners out of their share of the ransom, ThreatPost reported.
Yelisey Boguslavskiy, head of research at the cybersecurity company Advanced Intelligence, posted on LinkedIn that the ransomware gang's developers built a backdoor that could cheat their criminal collaborators.
The Advanced Intelligence exec further noted that the backdoor works as a decryptor for files and workstations, a capability that other gangs' tooling similarly has.
However, what sets the backdoor developed by the Russian gang apart from its counterparts is its ability to hijack affiliates.
The research head further disclosed that affiliates usually get the majority of the ransom payment, 70% to be exact.
This large slice of the pie reflects the fact that collaborators do the dirty work for REvil, from infiltrating the network up to encrypting the victim's files.
So, REvil's backdoor allows the ransomware group to keep 100% of the payment from the cyberattack victims.
This article is owned by Tech Times
Written by Teejay Boris