Time to break out your teeniest, tiniest violin
Not all cybercriminals are equal.
Some of them are really smart, and some of those smart guys join up with the mafia.
This essay is not about them.
The cybercriminals I want to tell you about are really lazy and not all that smart.
The guys I want to talk about never bothered to learn how to write their own code. These lazy motherf*ckers, who want to steal money from vulnerable people, aren't smart enough to figure out that when they encounter REAL criminals like the mafia, those hard-core criminals might want to take advantage of them.
Every once in a while you read a story about a group of people that you simply can't bring yourself to shed a tear for.
This is their story.
REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil lease their ransomware out to other crooks in exchange for a cut of the profits these affiliates make by extorting Bitcoin payments in exchange for the ransomware decryption keys that the victims need.
OK. The first warning here is "lease their ransomware".
I personally don't know how one would "lease" a piece of illegal software, but I'm certain that I wouldn't do it. And why would you? There's plenty of ransomware code out there that you could customize...if you knew how to code.
Obviously anyone using this "service" doesn't know how to code.
But it seems that cut isn't enough for those behind REvil: it was recently disclosed that there's a secret backdoor coded into their product, which allows REvil to restore the encrypted files without the involvement of the affiliate.
This could allow REvil to take over negotiations with victims, hijack the so-called "customer support" chats – and steal the ransom payments for themselves.
Whhaaaatttt? Is there no honor amongst thieves?
Who could have guessed that professional thieves would steal from lazy, stupid, amateur thieves?
It seems that REvil can hijack chats with victims and cut off the affiliate's discussions in order to collect the full share of the ransom for themselves, and can even decrypt the victims' files without the affiliate being involved at all.
This is where the article gets funny.
One forum user claimed to have had suspicions of REvil's tactics, and said their own plans to extort $7 million from a victim were abruptly ended. They believe that one of the REvil authors took over the negotiations using the backdoor and made off with the money.
Another user on the Russian-speaking forum complained they were tired of "lousy partner programs" used by ransomware groups "you cannot trust", but also suggested that the status of REvil as one of the most lucrative ransomware-as-a-service schemes means that wannabe ransomware crooks will still flock to become affiliates.
Excuse me while I shed a tear from my one good eye. There's nothing like a lazy, stupid crook complaining in public about how they've been taken advantage of by a better criminal.
Oh, wait. There is one thing that's even better.
One threat actor on XSS said that “the Devil himself will not be able to figure out” arbitration cases against REvil since the matter has gotten too complicated—and that arbitration might be prohibited anyway because some forums have purportedly instituted a ransomware ban.
Arbitration?!? LOL! Are you going to hire lawyers? ROTFL!