REvil ransomware gang is scamming its own customers

Opportunity makes a thief

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A threat actor claims to have discovered a secret backdoor in REvil’sransomwarecode, which allegedly helps the ransomware group steal ransom proceeds from its affiliates.

Cybersecurityresearchers at Flashpoint have shared an interesting example of the tumultuous relationships in the cyber underground.

Earlier last week, an unidentified threat actor shared evidence of the backdoor on the Russian-language underground forum board Exploit, alleging that REvil was using it as a means of robbing its affiliates after making them do the heavy lifting of compromising and infecting a victim.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

“The subsequentfalloutwithin the threat actor community offers the very organizations and individuals they target a window into the types of important chatter that can arise in the cybercriminal underground,”observesFlashpoint while sharing the details of the exchange.

Den of thieves

The revelation led another threat actor known as Signature to re-hash their $7 million arbitration claim that had been initiated afterREvil re-emergedfrom aself-imposed hibernation.

Signature wasn’t alone in voicing concern against REvil following the revelation about the backdoor. Other threat actors chimed in to share their displeasure at REvil’s scamming-the-scammers tactics.

According to Flashpoint’s reporting of the conversations, LockBitSupp, the representative of the LockBit ransomware gang, went as far as to claim that many REvil affiliates share suspicion towards REvil.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Flashpoint reasons that animosity between the threat actors in the ransomware ecosystem have beenon the rise ever since high-profile malicious campaigns have led to increased law enforcement scrutiny.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing