Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime

Ransomware Gangs are Complaining That Other Crooks are Stealing Their Ransoms (zdnet.com) 49

"Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves," reports ZDNet: REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil lease their ransomware out to other crooks in exchange for a cut of the profits these affiliates make by extorting Bitcoin payments in exchange for the ransomware decryption keys that the victims need. But it seems that cut isn't enough for those behind REvil: it was recently disclosed that there's a secret backdoor coded into their product, which allows REvil to restore the encrypted files without the involvement of the affiliate. This could allow REvil to takeover negotiations with victims, hijack the so-called "customer support" chats — and steal the ransom payments for themselves.

Analysis of underground forums by cybersecurity researchers at Flashpoint suggests that the disclosure of the REvil backdoor hasn't gone down well with affiliates. One forum user claimed to have had suspicions of REvil's tactics, and said their own plans to extort $7 million from a victim was abruptly ended. They believe that one of the REvil authors took over the negotiations using the backdoor and made off with the money.

This discussion has been archived. No new comments can be posted.

Ransomware Gangs are Complaining That Other Crooks are Stealing Their Ransoms

Comments Filter:
  • by gweihir ( 88907 ) on Sunday October 03, 2021 @12:41PM (#61856497)

    If you do, you become complicit at perpetuating the criminal business model. Instead, be prepared to recover yourself and fix your IT Security.

    • make pot fully legal as well
      may even decriminalize hard drugs like cocaine and heroin so make more funds go a way from the bad guys

    • by awwshit ( 6214476 ) on Sunday October 03, 2021 @02:04PM (#61856715)

      > fix your IT Security

      I find this kind of offensive. There have been more 'zero day' exploits used in the wild in 2021 than any other year. The largest factor in most ransomware attacks is human beings. Even if you have all of the latest patches, even if you take away admin and other rights, even if you have the latest and most sophisticated EDR, even if you use SIEM, even if you filter and proxy everything, even if you think you've blocked exfiltration, even if you block every single mitre attack, all it takes is one human to slip up and fuck it up for everyone. What rules the day is recent offline backups and a process to get going again ASAP.

      Do you like it when IT phishes you and sends you to training? Then stop being an idiot. The ransomware problem isn't IT's fault, much more likely to be someone with low computer skills.

      • by jmdevince ( 1175647 ) on Sunday October 03, 2021 @04:27PM (#61857289)
        After working in digital forensics for a number of years and computer security for over a decade. I can absolutely tell you that you are 100% wrong.

        IT security can stop even the most technologically illiterate people from being a vector of compromise. Through the use of various network monitoring tools, e-mail filtering, web traffic filtreing, firewalling, multi-factor authentication, authentication logging, event correlation, security automation and orchestration tools it is absolutely possible to not only detect but prevent an end-user from causing a catastrophic or even mild problem for an organization.

        Beyond that, any IT program should have offline backups that can be restored from in the event of a ransomware event occurs. 3-2-1 backup scheme is IT 101. If a company is not backing up their data, it obviously isn't that important to them.

        The ransomware problem is absolutely a company's fault for not having adequate IT staff and protection
        • What you are saying is "It won't happen to me.". You can limit the damage but there is no 100% prevention.

        • by gweihir ( 88907 )

          The ransomware problem is absolutely a company's fault for not having adequate IT staff and protection

          Indeed, it is. Now, whether that in turn is the fault of "management" for hiring the wrong people and/or not giving them enough to work with is a different question. But in the end it may only be the fault of the IT people or the fault of both IT people and management. The IT people cannot really be blameless here. They can only be part of a larger problem, but they are most decidedly part of the problem.

          Here is the thing: Even if IT is often not seen as engineering, for all intents and purpose it is. Engin

        • by Corbets ( 169101 )

          Working in the field for a whole decade? Wow. You must be, like, an expert or something.

          I’ve only got two decades of experience myself, and a reasonable degree of seniority in the field, yet that experience tells me things aren’t as simple as you paint them out to be. Backups, for instance. Some industries are so transactional that restoring from day-old backups would be functionally equivalent to going out of business.

          And how does your security team prevent, with your 100% certainty, an end-use

      • That may be true but the exploits you speak of are more to blame on the software developers that are writing that buggy shit in the first place.

        My research says there are days when crappy software wasn't paid for until it was fixed and until then they coders had to rewrite it.

        Software should come with a warranty these days that lets you sue the crap out of the vendor if its their hole that turned your IT department into a goatse franchisee.

        • Read the EULA, it says that the software does not have to work at all and that the people who made are liable for nothing. I guess we are all lucky that any software works at all, thanks lawyers.

      • by gweihir ( 88907 )

        If a human can easily make a mistake that gets your systems compromised, then your IT security is broken because you lack "defense in depth". If you have a hard time recovering from such an attack, then your IT security is broken because you did not due BCM/DR due diligence. If you have an MS "strategy" and did not put effective extra measure in place that compensates for the chronic lack of security that comes with it, then your IT security is broken because you messed up your risk
        management.

        And so on. Th

    • Indeed, for the same reason it's a crime to pay off a kidnapper's ransom.
  • by DontBeAMoran ( 4843879 ) on Sunday October 03, 2021 @12:47PM (#61856521)

    "There is no honour among thieves."

    • by Falos ( 2905315 ) on Sunday October 03, 2021 @02:20PM (#61856755)

      Sure, but I wonder if the headline really is "Gangs are warning other gangs".

      While they might not trust each other to be moral, they expect each other to be self-serving. Dealer reputation matters there in the underworld too. Getting blacklisted hurts there too. Who the fuck wants to buy heroin or a gun from a guy that's been called out as not actually sending the goods? They're not being moral, it's just good business.

      Which I guess is why "if you can get away with it" becomes appealing. Nope, no honor getting in the way, just brand. And if we can sneak some more off the top, we sure will, honor schmonor, no brand damage. If we don't get caught, we won't get called out.

      Apparently they're getting called out.

  • LOL! (Score:5, Funny)

    by Gravis Zero ( 934156 ) on Sunday October 03, 2021 @12:50PM (#61856537)

    1. If you aren't writing your own code then you're just a script kiddie.
    2. "I voted for criminals stealing people's money but I never thought criminals would steal my money!"

    • by shanen ( 462549 )

      Mod parent funny and should have been FP. The "no honour among thieves" comment is the current runner up.

      But not the greatest possible joke for the topic. No, I don't have a better one, but I can smell a potentially hilarious setup scenario when I see one.

      • Step 1: Make fake IT infrastructure
        Step 2: invite ransomware in
        Step 3: After some debate, agree to pay, and tell them you are going to do the deposit in an hour
        Step 4: at that point unleash your own ransomware on the attackers
        Step 5: Ask them half of the amount they are trying to get from you
        Buy a nice cigar when they pay you.

        (Yeah, probably not that realistic, but would be fun)
        • by shanen ( 462549 )

          Okay, but aren't you supposed to include a "PROFIT" tag in the business plan?

          (I would still invest in a company that makes a good transparent face mask. That's a profit the world needs.)

          • Appreciate your fetish for Transparent masks :)
            I have that too, but mine is because I was stuck last year with a boss who couldn't hear me unless I lowered my mask before talking
            There are quite a lot of issues with making better masks which would be effective as well as transparent and with sufficient flow rates and light weight enough so people keep wearing them without fidgeting every few minutes. Still there were a few prototypes we found good enough to be crowdfunded. Sadly both kickstarter & indie

            • by shanen ( 462549 )

              I was surprised to get some useful details about masks as a result of this discussion, but you're raising a different "fetish". I think the problem with Kickstarter (and probably Indiegogo, but I don't know as much about it) is the lack of accountability for and control over the projects, making it too easy to scam or fail. My "solution approach" fetish for that problem is tagged CSB (for Charity Share Brokerage), where the CSB would not be running any kind of lottery, but rather earning money through proje

      • Re:LOL! (Score:4, Insightful)

        by Known Nutter ( 988758 ) on Sunday October 03, 2021 @01:32PM (#61856637)
        What's up with your obsession with reviewing FP? It's so strange.
        • by shanen ( 462549 )

          And your constructive contribution to Slashdot and the world is being a proud nutter of some sort? Thanks, but when I want your advice I'd do better to flush my head in a toilet.

          And no, I didn't review your comments to check. Couldn't care less. Pretty sure I've never previously regarded any of your comments as worth a reaction.

          This is a yet another prophylactic job for MEPR. In the meantime and at lower cost, I can fantasize that some of the recent FPs are slightly improved. Causation unknown and unlovable

    • "1. If you aren't writing your own code then you're just a script kiddie."

      If you're not writing in machine language, you're just a script kiddie.

  • by Pierre Pants ( 6554598 ) on Sunday October 03, 2021 @12:54PM (#61856549)
    who CAN you trust?
  • by PPH ( 736903 ) on Sunday October 03, 2021 @12:55PM (#61856553)

    There ought to be a law ...

  • "Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves," ...

    So there's actually *no* honor among thieves? This changes everything...

  • violin small enough

  • True when it was first written and still true today.
    • Well, there is some, especially in organized crime. REvil is playing an iterated game now, and has to know the cost of betrayal is an end to that game. But they are criminals, and that was a lot of money, so greed and short-sightedness may have driven their decision.

      It could even be that one member of the gang broke ranks to snag the ransom. In which case they’ll be running from hit men for a while. The gang can’t let someone get away with that.

  • sp there ain't no honor among thieves.

  • by shanen ( 462549 ) on Sunday October 03, 2021 @07:35PM (#61857811) Homepage Journal

    In this target-rich story there isn't a single comment modded funny?

    C'mon moderators. Do your duties.

  • You cannot trust anyone these days. Remember when you paid for a service and got your money's worth? Well, no more.

    My neighborâ(TM)s dog kept shitting on my lawn, so I did what any self-respecting American would do ⦠I hired a hitman (hitdog?) to deep-six the mutt.

    Then I sat by the window and watched, and when he arrived, do you know what the hitdog did? He gave the fucking thing a treat, then he took it to the vet! Worse still, he still drops by every day with a bag of treats! He feeds the

  • Law enforcement should track down the REvil scammers and make them give back the money to the ransomware people who did all the hard work for infecting the victim's system. Not only is it a breach of contract, it damages the hard earned reputation of the ransomware leasee! What is the world come to.

  • REvil could be stepping in for other reasons. Like if the “licensee” hit a friendly target, or maybe even some degree of golden goose preservation where they don’t allow multiple attacks on one target.
  • HEY! I stole this fair and square!

    Like the land that was stolen from the Native Americans.
  • ... this is how organized crime starts.

    When criminals need protection they create the structure to provide that protection. And, guess who's already poised to provide it: Russia and China.

    Don Putin, I am honored and grateful that you have invited me to your daughter's wedding... on the day of your daughter's wedding. And I hope their first child be a masculine child. I pledge my ever-ending loyalty.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...