
REvil ransomware devs added a backdoor to cheat affiliates
2021-09-23 06:26

Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations to cut affiliates out of payments.

Even if the REvil operation started as an "honest" cybercriminal endeavor, it soon switched to scamming affiliates out of their promised 70% share of the ransoms paid by victims.

The conversations involved individuals who played a role in REvil ransomware attacks, such as partners who provided network access, penetration-testing services, VPN specialists, and potential affiliates.

FF5EEDCAEDEE6250D488F0F04EFA4C957B557BDBDC0BBCA2BA1BB7A64D043A3D (a hash quoted from the post referenced here). What the author of that post is saying is that affiliates were not the only ones who could decrypt the systems they had locked with the REvil ransomware sample they received.

Access to the REvil payment portal requires a blob of data that is included in the ransom note.

Reverse engineer and Advanced Intelligence CEO Vitali Kremez told BleepingComputer that the latest REvil samples, which emerged when the gang restarted operations, no longer have the master key that enabled the decryption of any system locked with REvil ransomware.


News URL

https://www.bleepingcomputer.com/news/security/revil-ransomware-devs-added-a-backdoor-to-cheat-affiliates/