REvil partners confirm fraud by the group

A participant in the Russian-language hacker forum Exploit has renewed claims made against REvil in May of this year.

Partners of the operators of the REvil ransomware have demanded on a Russian-language hacker forum that the group compensate them for the stolen ransom share. As media outlets previously reported, information security specialists from Advanced Intelligence discovered a backdoor that allegedly allowed the operators of the REvil ransomware to intercept the chats between their partners and victims and receive the entire amount of the ransom paid.

When a ransomware partner breaks into a network and tries to establish persistence on the system, REvil operators transmit the payload to the partner to infect the network and encrypt the data. If the victim pays the ransom, the partner group gets 70% of that amount for doing all the work of compromising the network, stealing data, and encrypting it. REvil members receive the remaining 30% in exchange for providing the ransomware that partners use to take control of victims’ data and systems.

But when negotiations unexpectedly and mysteriously fail and the partners are left with nothing, they become suspicious and turn to the underground equivalent of judges.

According to Threatpost, one of the participants of the Russian-speaking hacker forum Exploit used the results of the Advanced Intelligence report to renew the claims brought against the REvil group in May this year. The hacker reiterated the statement from May 2021 on the Exploit forum, confirming AdvIntel’s assumption that the REvil operators did create a backdoor that allowed them to interrupt the ransom negotiations between victims and partners, launch a double chat and exclude partners from the deal, appropriating the entire ransom.

According to experts, the aggrieved partner was not the only one to confirm the deception on the part of REvil. A representative of the LockBit group also joined the discussion and spoke about former REvil partners who had been deceived by the ransomware operators.

According to experts, confirmation of the deception of REvil partners will lead to the group being avoided in the cybercriminal community, and its ability to hire new partners will be greatly weakened.
