Ransomware riches stolen from cybercriminals! Karma hits back
New modus operandi! Stabbed in the back! Shockingly, cybercriminals have targeted ransomware groups to steal ransom from them via REvil.
In what can only be described as karma hitting back, cybercriminals have been caught complaining that ransomware that they created and leased out to others was used against them! These malware creators were actually targeted by other cybercriminals who are now stealing ransom amounts from them! Amazingly, the ones who were allegedly cheated by the ransomware group had actually leased out the malware to these cybercriminals themselves.
According to a report by ZDNet, the group behind the REvil ransomware, which has negatively impacted major companies over the past months, has been taking more than the agreed-upon cut of the ransom amount from the cybercriminals who pay that cut in exchange for permission to use the ransomware tools.
The REvil ransomware has been behind some of the most notorious attacks on companies such as Acer, Quanta (an Apple manufacturing partner) and Kaseya, and is widely considered one of the most nefarious ransomware tools in the world, along with the Conti ransomware variant. The malware accounts for 13.1 percent of incidents in 2021, according to Tech Monitor. These ransomware-as-a-service groups provide non-technical users with the means to choose and target their victims, in exchange for a cut of the ransom amount.
Risk intelligence firm Flashpoint spotted the complaints on underground Russian forums, according to the report. They included users stating that “partner programs” were lousy and that the ransomware collectives could not be “trusted”. Another user claimed that negotiations (where the victim tries to reduce the ransom amount) for a $7 million ransom payment were affected by a “backdoor” that reportedly resulted in the negotiations ending.
According to the report, on September 20, a backdoor that allowed the creator of the malware to bypass the access of the “customer” criminals who were able to decrypt files that were being held for ransom -- effectively allowing the creators to steal the ransom and cut the “customer” criminals out of the ransom deal. It remains to be seen whether these allegations will affect the popularity of the REvil ransomware, which is currently one of the most popular ransomware-as-a-service tools in use today.