Researchers: REvil Ransomware Reincarnated as Ransom Cartel

According to a tip given to BleepingComputer and later verified, the REvil (Sodinokibi) ransomware group was found to be hiring new affiliates to distribute its malware. To show that the offer is serious, the group deposited 99 Bitcoins ($1 million) in its wallet hosted by the forum's site. This shows how much the REvil group is earning and how careless it can afford to be with the money.

REvil Group is Hiring Hackers

If you're new to the dynamics of ransomware distribution, here is how it works. Ransomware operators earn money under two different models. Either they break into networks themselves and encrypt systems for ransom, or they just write the ransomware and hire third-party affiliates to distribute it.

While the first case is an entirely in-house operation, the second involves hiring professional hackers to break into corporate networks and deploy the malware. In that model, building the encrypting malware and the payment site earns the ransomware operators a 20-30% share of the total revenue from ransom payments, leaving the rest for the hackers.

The REvil (Sodinokibi) group follows the second model and has updated its hiring post on a Russian-speaking hacker forum. Damian tipped BleepingComputer off to the post, which BleepingComputer later verified. The post calls for:

  • Teams that already have experience and skills in penetration testing, working with msf / cs / koadic, nas / tape, hyper-v and analogues of the listed software and devices.
  • People who have the experience, but do not have access to work.
Bitcoin Deposit by REvil

To show that the offer is serious, the ransomware group has deposited 99 Bitcoins ($1 million) in its wallet on the forum. Such forum wallet balances can be used to purchase deals and services from others in the forum marketplace, and can even be seen by others in the group. This shows how little the REvil group worries about losing its money to theft, since such wallets are hosted by the site's operators, who could steal those funds.
