Security News > 2021 > September > REvil customers complain ransomware gang uses backdoors to filch ransoms
Security intelligence vendor Flashpoint claims to have found forum comments from customers of the REvil ransomware-as-a-service gang, and they're not happy.
The gang's malware may contain backdoors that REvil uses to restore encrypted files itself.
Flashpoint writes that the "Exploit" forum has recently featured posts from a threat actor complaining about the backdoor, and the fact its presence meant that REvil could let its customers do all the hard work of arranging an infection, then subvert communications with victims and keep the entire ransom for itself.
One thread seen by Flashpoint apparently features a ransomware business complaining about "Lousy partner programs".
The Register has translated it from the original Russian and it does appear to comprise chat about REvil's code.
The Register would not be the least bit surprised to learn that applies to ransomware gangs, too.