Date: 2021-09-24

Suspicions surrounding the return of the criminal group REvil, one of the biggest ransomware gangs of recent years, gained traction after partners of the organization claimed to have been cheated. The accusations appear in the same forums where the gang sells its digital kidnapping services, and claim that the group's operators are making parallel contact with victims in an attempt to keep the ransom and avoid paying fees to those who carried out the attacks.

The reports were raised by security researchers at Advanced Intel after the discovery of a gateway into REvil's ransomware that would allow the system's operators to unlock files hit by attacks. It also allowed direct contact with victims, bypassing the original perpetrators of the attacks as a way to avoid paying part of the earnings to partners.

The root of the issue is the ransomware-as-a-service model, in which REvil, like many other gangs, markets its digital hijacking tools rather than carrying out all the attacks on its own. This allows even less sophisticated criminals to get involved in cybercrime while monetizing the malicious tools even further, with a share of the earnings of 30% for the clients and 14% for the system developers.