A threat actor claims to have discovered a secret backdoor in REvil’s ransomware code, which allegedly helps the ransomware group steal ransom proceeds from its affiliates.
Cybersecurity researchers at Flashpoint have shared an interesting example of the tumultuous relationships in the cyber underground.
Earlier last week, an unidentified threat actor shared evidence of the backdoor on the Russian-language underground forum board Exploit, alleging that REvil was using it as a means of robbing its affiliates after making them do the heavy lifting of compromising and infecting a victim.
“The subsequent fallout within the threat actor community offers the very organizations and individuals they target a window into the types of important chatter that can arise in the cybercriminal underground,” observes Flashpoint while sharing the details of the exchange.
Den of thieves
The revelation led another threat actor known as Signature to re-hash their $7 million arbitration claim that had been initiated after REvil re-emerged from a self-imposed hibernation.
Signature wasn’t alone in voicing concern against REvil following the revelation about the backdoor. Other threat actors chimed in to share their displeasure at REvil’s scamming-the-scammers tactics.
According to Flashpoint’s reporting of the conversations, LockBitSupp, the representative of the LockBit ransomware gang, went as far as to claim that many REvil affiliates share suspicions about REvil.
Flashpoint reasons that animosity between the threat actors in the ransomware ecosystem has been on the rise ever since high-profile malicious campaigns led to increased law enforcement scrutiny.