REvil Ransomware Gang Cheats Affiliates to Keep 100% of Ransom Payment—Here's How

The REvil ransomware gang cheats its own affiliates out of their cut of the ransom, keeping the entire payment from the victim.


REvil Ransomware Gang Cheats Affiliates

It turns out that the notorious Russia-based cybercriminal group is even fooling its own affiliates during ransomware operations so that it does not have to pay them their share.

According to Bleeping Computer, REvil's scheme has been a topic of discussion for some time, at least on underground forums.

This comes as some former partners of the Russian ransomware gang described their bad experiences with the group.

However, malware developers and cybersecurity researchers only recently confirmed the pattern in REvil's ransomware operations that keeps collaborators from earning their cut.

REvil Ransomware Group

The notorious Russian ransomware gang, which goes by the names REvil and Sodinokibi, first attacked firms in 2019.

In 2021, the ransomware group orchestrated massive cyberattacks that disrupted the supply of essential goods, such as the meat supply.

On top of that, the Russian gang was also behind the largest ransomware attack in terms of affected firms, carried out by infiltrating the systems of the popular IT provider Kaseya.

To be precise, about 1,500 companies were affected by the Kaseya cyberattack.

However, after that massive attack affecting thousands of firms, the Russian ransomware gang suddenly disappeared, leaving no online trace at all.

But it seems the notorious ransomware gang has not stopped its operations despite vanishing after the Kaseya attack.

It is worth noting that REvil plays a major role in the ransomware scene: according to CyberScoop, 42% of recent attacks overall have been orchestrated by the Russian gang.

How the REvil Backdoor Works

Security experts recently confirmed that REvil uses a backdoor and double chats to cut its partners out of their share of the ransom, ThreatPost reported.

Yelisey Boguslavskiy, head of research at the cybersecurity company Advanced Intelligence, posted on LinkedIn that the ransomware gang's developers built a backdoor that could cheat their criminal collaborators.

The Advanced Intelligence executive further noted that the backdoor functions as a decryptor for files and entire workstations, a capability other gangs also have.

However, what sets the backdoor developed by the Russian gang apart from its counterparts is its ability to cut affiliates out of the payment.

The research head further disclosed that affiliates usually receive the majority of the ransom payment, 70% to be exact.

This large slice of the pie reflects the fact that collaborators do the dirty work for REvil, from infiltrating the network through to encrypting the victim's files.

REvil's backdoor thus allows the group to keep 100% of the payment from its cyberattack victims.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.