Ransomware Gangs are Complaining That Other Crooks are Stealing Their Ransoms (zdnet.com)
"Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves," reports ZDNet:
REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil lease their ransomware out to other crooks in exchange for a cut of the profits these affiliates make by extorting Bitcoin payments in exchange for the ransomware decryption keys that the victims need. But it seems that cut isn't enough for those behind REvil: it was recently disclosed that there's a secret backdoor coded into their product, which allows REvil to restore the encrypted files without the involvement of the affiliate. This could allow REvil to take over negotiations with victims, hijack the so-called "customer support" chats — and steal the ransom payments for themselves.
Analysis of underground forums by cybersecurity researchers at Flashpoint suggests that the disclosure of the REvil backdoor hasn't gone down well with affiliates. One forum user claimed to have had suspicions of REvil's tactics, and said their own plans to extort $7 million from a victim were abruptly ended. They believe that one of the REvil authors took over the negotiations using the backdoor and made off with the money.
Don't pay these people (Score:4, Informative)
If you do, you become complicit at perpetuating the criminal business model. Instead, be prepared to recover yourself and fix your IT Security.
make pot fully legal as well (Score:1)
make pot fully legal as well
may even decriminalize hard drugs like cocaine and heroin so make more funds go away from the bad guys
Re:Don't pay these people (Score:5, Informative)
> fix your IT Security
I find this kind of offensive. There have been more 'zero day' exploits used in the wild in 2021 than any other year. The largest factor in most ransomware attacks is human beings. Even if you have all of the latest patches, even if you take away admin and other rights, even if you have the latest and most sophisticated EDR, even if you use SIEM, even if you filter and proxy everything, even if you think you've blocked exfiltration, even if you block every single MITRE ATT&CK technique, all it takes is one human to slip up and fuck it up for everyone. What rules the day is recent offline backups and a process to get going again ASAP.
Do you like it when IT phishes you and sends you to training? Then stop being an idiot. The ransomware problem isn't IT's fault, much more likely to be someone with low computer skills.
Re:Don't pay these people (Score:4, Interesting)
IT security can stop even the most technologically illiterate people from being a vector of compromise. Through the use of various network monitoring tools, e-mail filtering, web traffic filtering, firewalling, multi-factor authentication, authentication logging, event correlation, security automation and orchestration tools it is absolutely possible to not only detect but prevent an end-user from causing a catastrophic or even mild problem for an organization.
Beyond that, any IT program should have offline backups that can be restored from in the event that a ransomware event occurs. A 3-2-1 backup scheme is IT 101. If a company is not backing up their data, it obviously isn't that important to them.
The ransomware problem is absolutely a company's fault for not having adequate IT staff and protection
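The 3-2-1 point made above (three copies, two media, one offsite), together with the earlier reply's insistence on recent offline backups, written out as a posture check a defender can run against a backup inventory. This is example code added here, not code from the article or from any commenter; the BackupCopy records, their names, and the 24-hour freshness window are constructed assumptions, and "offline" is taken to mean air-gapped or immutable, i.e. not writable from a compromised host.

```python
"""Evaluate a backup inventory against the 3-2-1 rule plus the
'recent and offline' requirement raised in the thread.
The inventory below is constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str          # storage class: "disk", "tape", "object-storage", ...
    offsite: bool        # physically or logically separate from production
    offline: bool        # air-gapped or immutable: unreachable from a compromised host
    last_success: datetime


def check_backup_posture(copies, now, max_age=timedelta(hours=24)):
    """Return a list of human-readable violations. An empty list means the
    inventory has 3 copies, 2 media, 1 offsite copy, and at least one offline
    copy that completed within max_age (assumed 24h here)."""
    violations = []
    if len(copies) < 3:
        violations.append(f"only {len(copies)} copies, need 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        violations.append(f"copies span {len(media)} medium type(s), need 2")
    if not any(c.offsite for c in copies):
        violations.append("no offsite copy")
    offline = [c for c in copies if c.offline]
    if not offline:
        violations.append("no offline/immutable copy: malware on the host can reach every copy")
    elif not any(now - c.last_success <= max_age for c in offline):
        newest = max(offline, key=lambda c: c.last_success)
        age = now - newest.last_success
        violations.append(
            f"newest offline copy ({newest.name}) is {age.days} days old, exceeds {max_age}")
    return violations


# Constructed reference time and inventories.
NOW = datetime(2021, 9, 24, 12, 0, tzinfo=timezone.utc)

GOOD_SET = [
    BackupCopy("primary-nas", "disk", False, False, NOW - timedelta(hours=2)),
    BackupCopy("cloud-bucket-locked", "object-storage", True, True, NOW - timedelta(hours=6)),
    BackupCopy("weekly-tape-vault", "tape", True, True, NOW - timedelta(days=3)),
]

# Common failing posture: three copies, but all on one file-share-reachable NAS,
# so a single privileged compromise can encrypt every copy at once.
BAD_SET = [
    BackupCopy("nas-daily", "disk", False, False, NOW - timedelta(hours=1)),
    BackupCopy("nas-weekly", "disk", False, False, NOW - timedelta(days=2)),
    BackupCopy("nas-monthly", "disk", False, False, NOW - timedelta(days=20)),
]

# Structurally fine, but the offline copies have not completed recently:
# a restore would lose days of transactions, the objection raised downthread.
STALE_SET = GOOD_SET[:1] + [
    BackupCopy("cloud-bucket-locked", "object-storage", True, True, NOW - timedelta(days=10)),
    BackupCopy("weekly-tape-vault", "tape", True, True, NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for label, inventory in (("good", GOOD_SET), ("bad", BAD_SET), ("stale", STALE_SET)):
        print(label, check_backup_posture(inventory, NOW) or "OK")
```

The check deliberately treats "offline" as a property of the copy, not of the schedule: a cloud bucket with object-lock counts, a nightly rsync to a mounted share does not. Feeding it a real inventory means recording, for each copy, the last verified successful run, not the last scheduled one.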
Re: (Score:3)
What you are saying is "It won't happen to me." You can limit the damage but there is no 100% prevention.
Re: (Score:2)
The ransomware problem is absolutely a company's fault for not having adequate IT staff and protection
Indeed, it is. Now, whether that in turn is the fault of "management" for hiring the wrong people and/or not giving them enough to work with is a different question. But in the end it may only be the fault of the IT people or the fault of both IT people and management. The IT people cannot really be blameless here. They can only be part of a larger problem, but they are most decidedly part of the problem.
Here is the thing: Even if IT is often not seen as engineering, for all intents and purposes it is. Engin
Re: (Score:2)
Working in the field for a whole decade? Wow. You must be, like, an expert or something.
I’ve only got two decades of experience myself, and a reasonable degree of seniority in the field, yet that experience tells me things aren’t as simple as you paint them out to be. Backups, for instance. Some industries are so transactional that restoring from day-old backups would be functionally equivalent to going out of business.
And how does your security team prevent, with your 100% certainty, an end-use
Re: (Score:2)
That may be true but the exploits you speak of are more to blame on the software developers that are writing that buggy shit in the first place.
My research says there are days when crappy software wasn't paid for until it was fixed and until then the coders had to rewrite it.
Software should come with a warranty these days that lets you sue the crap out of the vendor if it's their hole that turned your IT department into a goatse franchisee.
Re: (Score:2)
Read the EULA, it says that the software does not have to work at all and that the people who made it are liable for nothing. I guess we are all lucky that any software works at all, thanks lawyers.
Re: (Score:2)
If a human can easily make a mistake that gets your systems compromised, then your IT security is broken because you lack "defense in depth". If you have a hard time recovering from such an attack, then your IT security is broken because you did not do BCM/DR due diligence. If you have an MS "strategy" and did not put effective extra measures in place that compensate for the chronic lack of security that comes with it, then your IT security is broken because you messed up your risk management.
And so on. Th
Re: (Score:2)
You know the old proverb (Score:4, Interesting)
"There is no honour among thieves."
Re:You know the old proverb (Score:4, Interesting)
Sure, but I wonder if the headline really is "Gangs are warning other gangs".
While they might not trust each other to be moral, they expect each other to be self-serving. Dealer reputation matters there in the underworld too. Getting blacklisted hurts there too. Who the fuck wants to buy heroin or a gun from a guy that's been called out as not actually sending the goods? They're not being moral, it's just good business.
Which I guess is why "if you can get away with it" becomes appealing. Nope, no honor getting in the way, just brand. And if we can sneak some more off the top, we sure will, honor schmonor, no brand damage. If we don't get caught, we won't get called out.
Apparently they're getting called out.
Re: (Score:2)
LOL! (Score:5, Funny)
1. If you aren't writing your own code then you're just a script kiddie.
2. "I voted for criminals stealing people's money but I never thought criminals would steal my money!"
Re: (Score:2)
Mod parent funny and should have been FP. The "no honour among thieves" comment is the current runner up.
But not the greatest possible joke for the topic. No, I don't have a better one, but I can smell a potentially hilarious setup scenario when I see one.
Re: (Score:1)
Step 2: invite ransomware in
Step 3: After some debate, agree to pay, and tell them you are going to do the deposit in an hour
Step 4: at that point unleash your own ransomware on the attackers
Step 5: Ask them half of the amount they are trying to get from you
Buy a nice cigar when they pay you.
(Yeah, probably not that realistic, but would be fun)
Re: (Score:2)
Okay, but aren't you supposed to include a "PROFIT" tag in the business plan?
(I would still invest in a company that makes a good transparent face mask. That's a profit the world needs.)
Re: LOL! (Score:2)
Appreciate your fetish for Transparent masks :)
I have that too, but mine is because I was stuck last year with a boss who couldn't hear me unless I lowered my mask before talking
There are quite a lot of issues with making better masks which would be effective as well as transparent and with sufficient flow rates and light weight enough so people keep wearing them without fidgeting every few minutes. Still there were a few prototypes we found good enough to be crowdfunded. Sadly both kickstarter & indie
Re: (Score:2)
I was surprised to get some useful details about masks as a result of this discussion, but you're raising a different "fetish". I think the problem with Kickstarter (and probably Indiegogo, but I don't know as much about it) is the lack of accountability for and control over the projects, making it too easy to scam or fail. My "solution approach" fetish for that problem is tagged CSB (for Charity Share Brokerage), where the CSB would not be running any kind of lottery, but rather earning money through proje
Re:LOL! (Score:4, Insightful)
Re: (Score:1)
And your constructive contribution to Slashdot and the world is being a proud nutter of some sort? Thanks, but when I want your advice I'd do better to flush my head in a toilet.
And no, I didn't review your comments to check. Couldn't care less. Pretty sure I've never previously regarded any of your comments as worth a reaction.
This is a yet another prophylactic job for MEPR. In the meantime and at lower cost, I can fantasize that some of the recent FPs are slightly improved. Causation unknown and unlovable
Take it further. (Score:2)
"1. If you aren't writing your own code then you're just a script kiddie."
If you're not writing in machine language, you're just a script kiddie.
Re: (Score:2)
Weak troll.
If you can't even trust ransomware gangs anymore (Score:4, Funny)
This is unconscionable (Score:4, Insightful)
There ought to be a law ...
Wait! (Score:2)
"Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves," ...
So there's actually *no* honor among thieves? This changes everything...
Use nano-lasers to make a (Score:1)
violin small enough
Re: (Score:1)
My nose bleeds in sympathy for their plight.
There is no honor among thieves. (Score:2)
Re: (Score:2)
It could even be that one member of the gang broke ranks to snag the ransom. In which case they’ll be running from hit men for a while. The gang can’t let someone get away with that.
nothing to cry about (Score:2)
so there ain't no honor among thieves.
No joke? Really? (Score:3)
In this target-rich story there isn't a single comment modded funny?
C'mon moderators. Do your duties.
This Is an Outrage (Score:2)
You cannot trust anyone these days. Remember when you paid for a service and got your money's worth? Well, no more.
My neighbor's dog kept shitting on my lawn, so I did what any self-respecting American would do … I hired a hitman (hitdog?) to deep-six the mutt.
Then I sat by the window and watched, and when he arrived, do you know what the hitdog did? He gave the fucking thing a treat, then he took it to the vet! Worse still, he still drops by every day with a bag of treats! He feeds the
Re: (Score:2)
Perhaps you should have paid someone to simply potty train your neighbor's dog.
obligatory (Score:2)
Consumer protection (Score:1)
Law enforcement should track down the REvil scammers and make them give back the money to the ransomware people who did all the hard work of infecting the victim's system. Not only is it a breach of contract, it damages the hard-earned reputation of the ransomware lessee! What has the world come to?
Might not be “stealing” ransoms (Score:2)
HEY! (Score:1)
Like the land that was stolen from the Native Americans.
You all laugh, but ... (Score:1)
When criminals need protection they create the structure to provide that protection. And, guess who's already poised to provide it: Russia and China.
Don Putin, I am honored and grateful that you have invited me to your daughter's wedding... on the day of your daughter's wedding. And I hope their first child be a masculine child. I pledge my ever-ending loyalty.