How REvil May Have Ripped Off Its Own Affiliates

There’s no honor between thieves, but this is beyond rude: Malware specialists have found evidence of how REvil’s leadership may have screwed their own affiliates out of their cut of ransomware payouts.

Malware specialists researching newly available samples from REvil – aka Sodinokibi, a once-major, now sort-of reborn ransomware-as-a-service (RaaS) player – have identified a backdoor that may have enabled the original gang to hijack chats with victims so as to scoop up affiliates’ cut of ransom payments.

Yelisey Boguslavskiy, head of research at the cyber risk prevention firm Advanced Intelligence, said in a LinkedIn update on Monday that the backdoor also enabled REvil operators to decrypt workstations and files.

Source: ThreatPost