A threat actor claims to have discovered a secret backdoor in REvil’s ransomware code, which allegedly helps the ransomware group steal ransom proceeds from its affiliates.
Cybersecurity researchers at Flashpoint have shared an interesting example of the tumultuous relationships in the cyber underground.
Earlier last week, an unidentified threat actor shared evidence of the backdoor on the Russian-language underground forum board Exploit, alleging that REvil was using it as a means of robbing its affiliates after making them do the heavy lifting of compromising and infecting a victim.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- We’ve also compiled a list of the best ransomware protection tools
- These are the best malware removal software on the market
- Protect your devices with these best antivirus software
“The subsequent fallout within the threat actor community offers the very organizations and individuals they target a window into the types of important chatter that can arise in the cybercriminal underground,” observes Flashpoint while sharing the details of the exchange.
Den of thieves
Signature wasn’t alone in voicing concern against REvil following the revelation about the backdoor. Other threat actors chimed in to share their displeasure at REvil’s scamming-the-scammers tactics.
According to Flashpoint’s reporting of the conversations, LockBitSupp, the representative of the LockBit ransomware gang, went as far as to claim that many REvil affiliates share suspicion towards REvil.
Flashpoint reasons that animosity between the threat actors in the ransomware ecosystem have been on the rise ever since high-profile malicious campaigns have led to increased law enforcement scrutiny.
- We've put together a list of the best endpoint protection software