Hackers Steal From Hackers - Ransomware Contains Backdoors for Seizing Money
Cybercriminals seem to see no obstacle to stealing from their own kind. Hackers who buy ransomware are complaining about backdoors built into it.
- It's a hacker-eat-hacker world - ransomware creators serve their "partners" with hidden backdoors.
Life in the cybercriminal underworld is not a bed of roses. A group of hackers using ransomware acquired from other hackers is complaining about backdoors in that ransomware. REvil is one of the more popular ransomware programs. Its "users" report backdoors that its creators can use to take control of ransom negotiations and funds.
Experts from Flashpoint spotted this information on cybercrime forums. The REvil group provides its software to "partners" on a spoil-sharing basis. Attack initiators generally receive 70% of the ransom, and the ransomware authors receive the rest. All payments are made in cryptocurrencies (such as bitcoin or Ethereum). What the "partners" discovered enables REvil to intercept chat communications with an attacked entity and, for example, impersonate the interlocutor.
This way, instead of sharing the ransom, the creators at REvil can take it over entirely. On a Russian-speaking forum, cybercriminals complain that such actions undermine their trust in ransomware developers (yes, I know how ironic that sounds), but they admit that REvil is too well known for the discovery of backdoors to hurt them much. Well, from the point of view of the average user, we can only be glad that something is falling apart in the world of "network thieves".
Ransomware attacks are one of the most troublesome threats currently encountered on the Internet. Both big companies and ordinary computer users fall prey to them. There is no 100% effective protection, but it is worth installing security updates and frequently backing up important files. When we are attacked and our files are encrypted, most experts do not recommend paying the ransom, because it does not guarantee the recovery of files and certainly contributes to the growth of the practice.