REvil ransomware gang scammed their own partners

Drama in the hacker underground: the notorious ransomware gang REvil, which is responsible among other things for the attack on the American company Kaseya, is accused by its partners of having cheated them. According to discussions in various Russian-language forums, the gang deprived its partners of their share of the ransom payments made by victims, keeping far more than the 30 percent commission it was entitled to. REvil had built a backdoor into its infrastructure that allowed the extortion group to cut off ransom negotiations between its partners and the victims of the REvil malware (also known as Sodinokibi) and continue negotiating on its own.

Security researchers describe the business model of hacker groups like REvil and DarkSide as ransomware-as-a-service. The groups rent out the malware they have developed, together with the associated decryption and payment infrastructure, to other criminals, known as affiliates or partners. In the case of REvil, the developers receive 30% of the partners' income. In the past, however, it has happened on numerous occasions – for example in the case of the DarkSide gang – that such a group has seized payments or cheated its partners in other ways. As the English proverb has it: there is no honor among thieves.

As ThreatPost, the news site operated by antivirus maker Kaspersky, reported, affiliates are now making serious allegations against the ransomware gang following the group's return. To this end, they have convened a "hacker tribunal": a kind of strictly regulated discussion thread in an underground forum in which members can bring accusations against other members.

It is questionable whether such proceedings really lead to the punishment of fraudulent members of these clandestine communities or to repayment of the amounts owed. But the "hacker court" trial will undoubtedly damage the reputation of the REvil gang, which could hamper its comeback. Criminals may have no honor, but a reputation for reliability is paramount even in this environment.

According to these allegations, the masterminds at REvil built a backdoor into their malware infrastructure that allows them to take control of the malware or its decryption functions away from partners. In addition, they apparently had the ability to intervene in the criminals' conversations with their victims (what is called in these circles the "double chat").

The REvil masterminds intervened in ransom negotiations in an almost treacherous manner, their partners say. While the partners chatted with victims through the REvil platform and negotiated the ransom for the encrypted files, REvil members inserted themselves into the chat and sent messages to both parties, intercepting the conversation, so to speak. They told their partners, purportedly on behalf of the victims, that the victims did not want to pay and that the negotiations were over, while they themselves resumed negotiations with the victims and eventually collected the full ransom – instead of the 30 percent they were actually entitled to.

Since the partners of these ransomware gangs bear much of the risk, as they are the ones who must place the malicious code in the victims' networks, they are understandably angry when they are deprived of their, in their view, hard-earned wages. Security researchers and the victims of extortion gangs are more likely to be amused by the drama in the hacking underground. With any luck, the REvil gang's reputation is so damaged that it sooner or later disappears from the scene. For all the schadenfreude the criminals' mishap arouses, past experience teaches that a new gang will most likely simply take the place of the discredited crooks.


Disclaimer: This article is generated from the feed and is not edited by our team.
