A threat actor claims to have discovered a secret backdoor in REvil’s ransomware code, which allegedly helps the ransomware group steal ransom proceeds from its affiliates.
Cybersecurity researchers at Flashpoint have shared an interesting example of the tumultuous relationships in the cyber underground.
Earlier last week, an unidentified threat actor shared evidence of the backdoor on the Russian-language underground forum board Exploit, alleging that REvil was using it as a means of robbing its affiliates after making them do the heavy lifting of compromising and infecting a victim.
“The subsequent fallout within the threat actor community offers the very organizations and individuals they target a window into the types of important chatter that can arise in the cybercriminal underground,” observes Flashpoint while sharing the details of the exchange.
Den of thieves
The revelation led another threat actor known as Signature to re-hash their $7 million arbitration claim that had been initiated after REvil re-emerged from a self-imposed hibernation.
Signature wasn’t alone in voicing concern against REvil following the revelation about the backdoor. Other threat actors chimed in to share their displeasure at REvil’s scamming-the-scammers tactics.
According to Flashpoint’s reporting of the conversations, LockBitSupp, the representative of the LockBit ransomware gang, went as far as to claim that many REvil affiliates share suspicion towards REvil.
Flashpoint reasons that animosity between the threat actors in the ransomware ecosystem has been on the rise ever since high-profile malicious campaigns led to increased law enforcement scrutiny.