Karmic justice: It seems that the old adage "honor among thieves" does not apply to cybercriminals. Ransomware-as-a-service gangs complain that the scammers they rent malware from are robbing them.
ZDNet writes that the group behind the infamous ransomware REvil – the same one used in the attacks on Kaseya, Acer and Apple’s manufacturing partner Quanta – is renting it out to other criminals in exchange for a portion of the ransom.
Surprisingly, it looks like this group of thieves cannot be trusted. On September 20, an intruder discovered a secret backdoor in the REvil ransomware that allows its creators to recover encrypted files without the involvement of affiliates.
The backdoor means that the REvil group can also take over support chat conversations with victims and keep the entire ransom payment for themselves.
Risk intelligence firm Flashpoint writes that the discovery sparked outrage on clandestine Russian-language forums, with one user claiming that the backdoor had led to a sudden halt in negotiations for a $7 million ransom payment. Another complained about the "lousy affiliate programs" used by the ransomware collectives "who cannot be trusted." Affiliates who find themselves in this position have little recourse. One said that trying to deal with the group was like "arbitrat[ing] against Stalin."
Flashpoint cybersecurity analysts note that the number of high-profile ransomware attacks has increased the attention of cybercriminal communities, leading to increased hostility towards ransomware threat actors.
Even if REvil's reputation among other criminals suffers, many believe the group will continue to survive and thrive. According to Tech Monitor, REvil is the most common ransomware variant along with Conti, detected in 13.1% of incidents this year.