Drama in the hacker underground: The notorious ransomware gang REvil, which is responsible among other things for the attack on the American company Kaseya, is accused by its partners of having deceived them. According to discussions in various Russian-speaking forums, the partners did not receive their share of the ransom payments made by the victims, while REvil kept the 30 percent commission it had agreed on and more. REvil is said to have built a backdoor into its infrastructure that allowed the extortion group to break off ransom negotiations between its partners and the victims of the REvil malware (also known as Sodinokibi) and to continue negotiating on its own.
Security researchers describe the business model of hacker groups like REvil and Darkside as ransomware-as-a-service. The groups rent the malware they have developed, together with the associated decryption and payment infrastructure, to other criminals, called affiliates or partners. In the case of REvil, the operators receive 30% of the partners’ income. In the past, however, it has happened on several occasions – for example in the case of the Darkside gang – that such a group pocketed payments or cheated its partners in other ways. As the English proverb says: there is no honor among thieves.
The hacker court is in session
As ThreatPost, the news site operated by antivirus maker Kaspersky, reported, the partners are making serious allegations against the ransomware gang following the group’s return. To this end, they have convened what is known as a “hacker tribunal”: a kind of strictly regulated discussion thread in an underground forum in which members can bring accusations against other forum members.
It is questionable whether these discussions actually lead to the punishment of fraudulent members of these clandestine communities or to the repayment of the amounts owed. But the “hacker’s court” trial will undoubtedly damage the reputation of the REvil gang, which could hamper its comeback. Criminals have no honor, but a good reputation is paramount, even in this environment.
Backdoor and Double Chat
According to these allegations, the masterminds behind REvil built a backdoor into their malware infrastructure that allows them to take control of the malware or its decryption functions away from their partners. In addition, they apparently have the ability to intervene in the criminals’ conversations with their victims (what is called in these circles the double chat).
The masterminds of REvil intervened in the ransom negotiations in an almost treacherous manner, their partners say. While the partners chatted with the victims through the REvil platform and negotiated a ransom for the encrypted files, the REvil gang members slipped into the chat and sent messages to both sides, intercepting the conversation, so to speak. They told their partners, posing as the victims, that the victims did not want to pay the ransom and that the negotiations were over; at the same time they resumed negotiations with the victims themselves and eventually collected the full ransom – instead of the 30 percent they were actually entitled to.
Since the partners of these ransomware gangs bear much of the risk, as they are the ones who must plant the malicious code in the victims’ networks, they are understandably angry when they are deprived of their – in their own view – hard-earned wages. Security researchers and the victims of extortion gangs are more likely to be amused by the drama in the hacker underground. With any luck, the reputation of the REvil gang has been damaged so badly that it sooner or later disappears from the scene. For all the schadenfreude that the criminals’ mishap arouses, past experience teaches us that in this case a new gang will most likely simply take the place of the ousted crooks.
Disclaimer: This article is generated from the feed and is not edited by our team.