When Cyber Hijackers Get Hijacked

The REvil ransomware syndicate is well known for its many ransomware attacks. Its victims are no small names either: they include Kaseya, Acer, and Quanta, one of Apple's assembly partners.

But it turns out that they earn money not only by extorting their victims, but also by preying on other attackers. How?

Rather than using the ransomware themselves to demand ransoms, REvil's creators rent it out to other attackers. Another attacker can then use the ransomware to take a company's data hostage and demand a ransom.


But apparently there is a loophole in REvil that the renters do not know about. Through this loophole, REvil's creators were able to recover the encrypted files held hostage, without any involvement from the renter of the ransomware.

In addition, they can hijack the negotiation conversation between the renter and the victim. As a result, REvil's creators can demand a ransom from the victim, decrypt the hostage files, and still collect rent from the renters of the ransomware.

Flashpoint, a risk intelligence company, wrote that this issue was being discussed on a Russian-language underground forum. One user on the forum claimed that the loophole had thwarted a negotiation over a ransomware ransom payment worth USD 7 million.

Other users complained as well, calling REvil's creators an untrustworthy party. However, there seems to be nothing else they can do in response to this fraud, since they obviously cannot report it to the authorities.

Although the reputation of REvil's creators was tarnished by this case, many observers expected the ransomware to remain popular and persist in the future. According to Tech Monitor, REvil is currently the most popular ransomware in the world, alongside Conti, and was involved in 13.1% of ransomware attacks during 2021.
