REvil Partners Confirms That Leaders Cheated Their Partners
REvil's partners demands that REvil hand over their stolen share of ransomware payemnts on Russian language hacking forums just days after news broke out about REvil cheating their partners. Exploit, a partner with an established reputation on the hacking forum renewed their claim against REvil on the Russian underground forum. The way that ransomware-as-a-service work is that the partners do all the dirty work in exchange for 70 percent of the ransom. REvil was supposed to take the remaining 30 percent.
When negotiations suddenly collapsed, the partners started to get suspicious and they turn to the underground's version of arbitration. When there is a dispute or money goes missing, the hacking community has it's own court. When partners of Darkside, the group responsible for the Colonial Pipeline attack, had a tough time getting paid for their work after DarkSide's servers were shut down, they turned to admins of the group's Dark Web criminal forum. Aggrieved partners in crime took to the forums in May 2021 to recoup $21 million from REvil for allegedly scamming them.
It wasn't just the aggrieved partners who confirmed researchers' suspicions, the representative of #LockBit also stated that former REvil partners shared with them that they were scammed due to the double chat scheme. LockBit 2.0 is also a prolific RaaS gang that's been growing rapidly shown by its long list of LockBit 2.0's victims. When one of the gang confirms that REvil ripped off its own partners, there's a good chance they’re telling the truth.
Now that REvil have re-emerged with a new representative, researchers are hoping that confirmation of REvil's practice of back-stabbing their parters will cause them to be shunned on the underground. This could potentially weaken their ties and ability to recruit and collaborate within the community.