Ransomware REvil deposits $1m in hacker fund to promote for-hire malware

The ransomware group REvil has deposited $1m worth of bitcoins into a hacker forum to begin recruiting affiliates. REvil seeks to hire affiliates who are skilled at penetration testing and other hacker routines, as well as people who have experience with hacking but do not have access to work. The ransomware group made this cash dump to prove to its affiliates that it is good at what it does.

Most ransomware groups operate as ransomware-as-a-service (RaaS): their developers build the payment websites and the actual ransomware, whereas business affiliates are responsible for hacking and encryption procedures. In effect, they work as for-hire malware. It is noteworthy that private RaaS groups like REvil vet and process each affiliate before choosing to work with them.

In this recent marketing initiative, REvil’s public representative, named “unknown”, dumped 99 bitcoins, approximately $1m, in a hacker forum to attract business affiliates. These affiliates would be persons or organizations willing to employ REvil’s malware.

RaaS has a suave business plan

Typically, in a ransomware attack, the groups provide the necessary malware, while the affiliates handle the actual hacking and encryption of data. Upon encryption, the attackers demand a ransom in exchange for the release of the data.

Generally, the ransomware groups receive a 20% – 30% cut from the earnings, while the affiliates take the rest. Admittedly, REvil’s sudden cash dump is a testament to the large amounts that RaaS organizations earn. Only businesses that earn millions of dollars can afford to spend such huge amounts of money on such propositions. Clearly, REvil is also not concerned about the owner of the wallet absconding with its money.

Ransomware on the rise

A recent report by Cisco highlights the fact that 8% of all cyberattacks are ransomware threats. REvil is one notorious ransomware group and has not held back from leaking sensitive data online in its previous attacks.
