Bleeping Computer journalists noticed that the creators of the REvil (aka Sodinokibi) ransomware deposited one million dollars in bitcoin on a Russian-speaking hacker forum. In this way, the hackers want to prove to potential partners that they are serious about their business.
REvil operates under the RaaS (Ransomware-as-a-Service) scheme: the malware developers are responsible for developing and supporting the malware, while clients and partners are responsible for distribution and hacking. As a rule, with such a “division of labor”, malware developers receive a 20-30% share, while distributors receive 70-80% of the ransom.
As a reminder, REvil ransomware operators recently launched an auction site to sell stolen data.
Recently, the creators of REvil announced that they are looking for new partners to distribute their ransomware. The hackers wrote that they are interested in working with professionals and those who have experience in penetration testing.
To show potential partners the seriousness of their intentions, the developers of REvil placed a deposit of 99 bitcoins on the hacker forum (approximately $1 million at the current exchange rate).
The forum allows participants to deposit cryptocurrency into a wallet associated with the site. Users can not only see the size of each other’s deposits, but also use these bitcoins to make transactions through the forum.
Journalists note that the size of REvil’s deposit is a good example of how much money ransomware attacks bring hackers. Apparently, the attackers are not too worried that, in theory, the forum administration could steal such a sum from them.
Let me also remind you that information security researchers believe REvil is a rebranding of GandCrab.