We do not normally cover tactics for making money through cyber fraud. However, we have published this article to warn those who might be tempted.
The next time you consider joining the REvil group's ransomware-as-a-service scheme to earn money through extortion or to take revenge, be aware that such schemes will always dupe the partner first and the victim second.
The REvil ransomware group is one such malware-spreading gang: it leases out its ransomware and profits from partners who attack a victim, steal data, and then encrypt the victim's databases until a ransom is paid.
However, it has now come out that REvil's operators have a habit of duping their affiliates by stealing the cryptocurrency those affiliates earn from ransoms.
Cybersecurity researchers from Flashpoint have discovered that the REvil authors always keep a coded backdoor on hand in the file-encrypting malware they hand over to their associates or affiliates.
This allows the authors, when the situation favors them, to negotiate with the victim directly at a later stage and hand over the decryption key once the ransom is paid to them, rather than to the affiliate who leased the malware in order to make some money.
To put it more plainly: suppose A is a REvil ransomware author who has leased the malware to B, and B launches a ransomware attack on victim C and demands a ransom. A then contacts C directly and asks for the ransom in exchange for the decryption key.
Flashpoint claims that upwards of 2-3 affiliates lost out on plans to extort $7 million each from their victims when the REvil authors took over the negotiations and settled with the victims for just $2-3 million.
Therefore, never trust a ransomware group, especially one based in Russia, as there is no guarantee it will honor its own business terms.
NOTE: The REvil ransomware group is also known as the Sodinokibi ransomware group.