In recent days, tempers have been flaring on Exploit, one of the main Russian hacker forums. Accusations are raining down on the administrators of the REvil ransomware, which went out of circulation last July before resurfacing recently. It was a post by Yelisey Boguslavskiy, a security researcher at Advintel, that lit the fuse.
On LinkedIn, this expert claims that REvil administrators have a habit of scamming their own partners in order to pocket the entire ransom themselves. REvil is a "ransomware-as-a-service" operation: its creators rent it out to third parties, who use it to infect businesses. When a ransom is paid, these partners receive 70% of the sum. The rest goes to the administrators.
But apparently that was not enough for them. According to Mr. Boguslavskiy, in some cases they opened their own discussion threads with the victims without their partners' knowledge. When a victim appeared ready to pay, they would allegedly impersonate that victim in the partner's chat to break off the negotiations there, while the real negotiations continued directly with the administrators. And since the administrators held a master key for all the data encrypted by the partners, the deal could then be concluded normally.
On the Exploit forum, one partner believes they were scammed in this way. An administrator of LockBit, a competing ransomware, explained for his part that he had heard similar stories from former REvil partners who now work for him. In short, it is seriously bad publicity that will certainly not help the business of REvil's creators. We are not going to pity them.