REvil ransomware gang is scamming its own customers

A threat actor claims to have discovered a secret backdoor in REvil’s ransomware code, which allegedly helps the ransomware group steal ransom proceeds from its affiliates. 

Cybersecurity researchers at Flashpoint have shared an interesting example of the tumultuous relationships in the cyber underground.  

Earlier last week, an unidentified threat actor shared evidence of the backdoor on the Russian-language underground forum board Exploit, alleging that REvil was using it as a means of robbing its affiliates after making them do the heavy lifting of compromising and infecting a victim.

“The subsequent fallout within the threat actor community offers the very organizations and individuals they target a window into the types of important chatter that can arise in the cybercriminal underground,” observes Flashpoint while sharing the details of the exchange.

Den of thieves

The revelation led another threat actor known as Signature to re-hash their $7 million arbitration claim that had been initiated after REvil re-emerged from a self-imposed hibernation.

Signature wasn’t alone in voicing concern against REvil following the revelation about the backdoor. Other threat actors chimed in to share their displeasure at REvil’s scamming-the-scammers tactics.

According to Flashpoint’s reporting of the conversations, LockBitSupp, the representative of the LockBit ransomware gang, went as far as to claim that many REvil affiliates share suspicion towards REvil.

Flashpoint reasons that animosity between the threat actors in the ransomware ecosystem has been on the rise ever since high-profile malicious campaigns led to increased law enforcement scrutiny.

Mayank Sharma
