REvil Ransomware Gang Tricks Affiliates To Keep 100% Ransom Payment – Here’s How


The REvil ransomware gang tricks its own affiliates out of their share of the ransom, keeping the victim’s payment in full.

(Photo illustration: Sean Gallup / Getty Images, Berlin, Germany, January 25, 2021. Caption: 2020 saw a sharp rise in global cybercrime, in part due to the boom in online retailing during national lockdowns imposed to curb the coronavirus pandemic.)

REvil Ransomware Gang Cheats Affiliates

As it turns out, the notorious Russia-based cybercriminal group even cheats the affiliates who run its ransomware operations, so that it does not have to share the payments with them.

According to Bleeping Computer, REvil’s scheme has been discussed on underground forums for some time.

It comes as some former partners of the Russian ransomware gang have described their bad experiences dealing with the criminals behind it.

However, malware developers and cybersecurity researchers only recently confirmed how REvil’s ransomware operation is set up to prevent collaborators from receiving their share.

REvil ransomware group

The well-known Russian ransomware gang, called REvil or Sodinokibi, first attacked companies in 2019.

In 2021, the ransomware group orchestrated massive cyberattacks that even disrupted the supply of essential goods, such as meat.

On top of that, the Russian gang was also behind the biggest ransomware attack in terms of the number of companies involved, carried out by infiltrating the systems of the popular IT vendor Kaseya.

To be specific, approximately 1,500 businesses were affected by the Kaseya cyberattack.

However, after that massive attack affecting thousands of businesses, the Russian ransomware gang suddenly vanished, leaving no trace online.

But it looks like the notorious ransomware gang is not shutting down operations now that the attention from the Kaseya attack has faded.

It should be noted that REvil plays a major role in the ransomware scene, as 42% of recent global attacks have been orchestrated by the Russian gang, according to CyberScoop.


How the REvil backdoor works

Security experts recently confirmed that REvil uses a backdoor, along with double talk, to keep its partners from collecting their share of the ransom, ThreatPost reported.

Yelisey Boguslavskiy, head of research at the cybersecurity firm Advanced Intelligence, posted on LinkedIn that the ransomware gang’s developers have built a backdoor that can deceive their criminal collaborators.

The Advanced Intelligence executive further noted that the backdoor acts as a decryptor for files on infected workstations, a capability other gangs have as well.

However, what sets the backdoor developed by the Russian gang apart from its counterparts is its ability to hijack the affiliates’ own operations.

The researcher further revealed that affiliates typically receive the majority of the ransom payment, 70% to be exact.

That large slice of the pie reflects the fact that the collaborators do the dirty work for REvil, from infiltrating the network to encrypting the victim’s files.

Thus, REvil’s backdoor allows the ransomware group to obtain 100% of the payment from the victims of the cyberattack.


This article is the property of Tech Times

Written by Teejay Boris

2021 All rights reserved. Do not reproduce without permission.
