According to Flashpoint, a security vendor, REvil ransomware gang uses backdoors to steal ransoms, this was discovered from the forum comments by the ransomware gangs’ customers. They were not happy about it and look like the gang’s malware may contain a backdoor it uses to restore encrypted files on its own.
REvil outsources its malware to other bad actors, in return for a hefty cut in the ransom amount paid by victims.
Flashpoint in a blog post said they discovered a threat actor complaining about the “Exploit” forum about the backdoor. This means REvil can allow its customers to do all the hard work of arranging an infection and then subvert communications with victims and keep the entire ransom for itself.
In yet another chat conversation, REvil clients complained about its behaviour and the futility of attempting to negotiate with the gang.
Flashpoint mentioned a thread, it features a ransomware business complaining about “lousy partner programs”.
In the screenshot shared below, thanks to Flashpoint, you can find the chat content in the Russian language.Looks like there is no honor among thieves for real, not the saying is catching up with the ransomware gangs too.
Apple’s MacOS Finder is Vulnerable to Remote Code Execution
New Bloodystealer Trojan Steals User Accounts On Popular Online Video Game Distribution Services
Far-Right Militia Linked to US Capitol Riot Leaked Emails, Chat Logs and More Online