REvil gang scams ransomware associates out of payments – Security


The REvil ransomware-as-a-service gang, which has made headlines recently with several high-profile attacks, is accused of cutting its associates out of the extortion action, scamming them out of payments from victims with locked-up systems.

REvil, which is linked to Russia and believed to be behind the attacks on managed service provider software vendor Kaseya and United States fuel distribution network Colonial Pipeline, is said to have secretly introduced a backdoor into its malware.

Security vendor Flashpoint said criminals on the Russian-language Exploit and XSS forums were outraged to find that the backdoor enabled REvil operators to restore encrypted files with no involvement from the associates.

Furthermore, REvil operators are said to be able to hijack chats in which ransomware victims negotiate extortion payments in return for decryptors, and collect the full proceeds without sharing any with affiliates who have paid to…
