REvil Launches Double Chats Scheme to Dupe its Affiliates
The REvil ransomware gang is back in business with a different mind game as it silently robs its affiliates. Malware specialists have found that the gang is cheating its affiliates to keep 100% of ransom payments.

What’s happening?

  • The REvil RaaS operators have adopted a new scheme that uses a newly discovered backdoor and a double chat setup to cheat their affiliates.
  • The backdoor enables the gang to decrypt workstations and files, and to hijack active negotiation chats between victims and affiliates.
  • The tricky part is the double chats, where unsuspecting victims are shown two identical chats, one by the affiliate and another by REvil.
  • If a victim pays the ransom, the affiliate is supposed to get 70 percent of it and the remaining 30 percent goes to the REvil operators in exchange for providing the ransomware payloads.
  • However, with this double chats scheme, REvil hijacks the share of the payment meant for its affiliates.

Ripped-off affiliates are fuming

  • According to Advanced Intelligence, many aggravated, scammed affiliates approached the Hacker’s Court, seeking to recoup $21.5 million from REvil that was allegedly stolen from them.
  • Taking to a criminal forum, the affiliates also claimed that REvil leadership did indeed create a backdoor and run a double chat to meddle in the negotiation.

What’s next for REvil?

REvil has sputtered back to life after a small hide-and-seek game. According to Threatpost, REvil is trying to patch things up with disgruntled affiliates. However, that’s not the case with the affiliates who have opened arbitration cases against REvil on underground forums. Some analysts predict that more former affiliates may raise objections against the ransomware group, waiting to be compensated for their losses.

Cyware Publisher