30 September 2021

In ransomware news: crooks complain that crooks are acting like... crooks!

Security intelligence vendor Flashpoint claims to have found forum comments from customers of the REvil ransomware-as-a-service gang, and they're not happy: the gang's malware may contain backdoors that REvil uses to restore encrypted files itself.

REvil's modus operandi is to rent its malware to other evildoers, in return for a hefty cut of any ransoms paid by victims.

Flashpoint writes that the "Exploit" forum has recently featured posts from a threat actor complaining about the backdoor, and about the fact that its presence meant REvil could let its customers do all the hard work of arranging an infection, then subvert communications with victims and keep the entire ransom for itself.

Other chat in the forum, Flashpoint asserts, includes complaints about REvil's behaviour, and the futility of attempting to negotiate with the gang.


