
Security

REvil operators had the opportunity to rob their partners


The backdoor allowed REvil operators to intercept chats of their partners and victims and receive the full amount of the ransom paid.

Information security specialists from Advanced Intelligence discovered a backdoor that allegedly allowed the operators of the ransomware REvil to intercept the chats of their partners and victims and receive the full amount of the ransom paid.

When a ransomware partner breaks into the network and tries to establish persistence on the system, REvil operators transmit the payload to the partner to infect the network and encrypt the data. If the victim pays the ransom, the partner group gets 70% of that amount for doing all the work of compromising the network, stealing data, and encrypting it. REvil members receive the remaining 30% in exchange for providing ransomware that partners use to take control of victims’ data and systems.

However, if the REvil group decided to deceive its partners, it received the entire payment: the partner's 70% in addition to its own 30%.

“Using this backdoor, REvil could intercept conversations of victims during active negotiations with partners and receive 70% of the ransom intended for partners,” the experts explained.

Advanced Intelligence already knew that REvil uses double chats. In such cases, two identical chats are opened with the victim, one by the partner group, and the other by the REvil operators. Security experts have no evidence that the REvil management used the backdoor to terminate the partner chat, posing as a victim who decided to end negotiations without paying a ransom, and then continued negotiations with the victim to receive 100% of the income. However, double chats and the existence of a backdoor indicate REvil’s willingness to carry out such shenanigans.

As specialists discovered, the backdoor was removed in the latest versions of the REvil ransomware after the group shut down its servers in July this year. The criminals reworked the malware, presumably to “prevent the use of a backdoor against new victims by former REvil members who have access to the backdoor.”


Security

Young hacker who leaked GTA 6 material denies his guilt


The 17-year-old hacker, who was previously arrested in the UK on suspicion of hacking Rockstar Games and Uber, has pleaded not guilty. According to police, he appeared in court over the weekend but refused to plead guilty to computer misuse. At the same time, he admitted that he had violated the conditions of his release on bail. He is now being held in a juvenile detention center.


According to investigators, the 17-year-old is part of the Lapsus$ hacker group and is behind the recent leak of videos and other details of the $2 billion GTA 6 game.

Earlier, a hacker under the nickname teapotuberhacker published an archive with video and source code from an early version of GTA 6, which has already gone viral. Take-Two tried to stop the spread of the leak, but it was only partially successful.

The hacker also said that it was he who attacked the Uber computer system, gaining access to correspondence, email addresses, and so on.

At the moment, the investigation is ongoing, so it is not yet clear how this story will end.


Security

Cloudflare introduces world’s first eSIM with better security than VPN


Cloudflare has introduced a new solution that may be suitable for smartphone and mobile Internet users: an eSIM card called Zero Trust SIM. Its distinguishing feature is that it provides an increased level of security, reducing the risk of number substitution.


In technical terms, DNS requests are routed through the Cloudflare gateway, which protects them from interception and spoofing. Cloudflare also promises a check of all intermediate nodes through which the device accesses the Internet.

According to Cloudflare CTO John Graham-Cumming, Zero Trust SIM technology can outperform VPNs and other security systems as it provides cell-level protection.

Zero Trust SIM will launch first in the US, where only a virtual card for iOS and Android will be available at first. When activated, it will bind to a specific device and allow you to protect it. Physical cards are also expected in the future.

The company is also launching Zero Trust for Mobile Operators, an affiliate program for telecom operators that will enable them to offer subscriptions to the services and tools of the Zero Trust platform. In addition, a similar project is expected for the Internet of Things.


Security

17-year-old hacker who allegedly leaked GTA 6 gameplay videos online arrested in UK


London police today announced the capture of a 17-year-old teenager suspected of cybercrime in Oxfordshire. At the moment, it is only reported that the arrested person is in custody.


The police declined to say what caused the arrest, but a number of facts indicate that this particular teenager, associated with the Lapsus$ hacker group, previously hacked into Uber, and recently posted screenshots and videos of GTA 6 gameplay on the Web.

In March, Bloomberg wrote that the person believed to be behind several major network hacks was a 16-year-old teenager whose home is in Oxfordshire. Uber wrote on its blog after the hack: “We believe this attacker (or attackers) is associated with a hacker group called Lapsus$, which is becoming more and more active.” A hacker who posted a GTA 6 video online claimed responsibility for the attack on Uber in forum posts.

As a reminder, it became known yesterday that the FBI had joined the investigation into the hacking of Uber and the publication of GTA 6 materials online.
