REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

By Tara Seals for Threatpost
Thursday, October 29, 2020

• 1.7k
• 12
• 12
• 12
• 6
• More
• 12
• 12
• 12

Attacks are likely to ramp up – and indeed the aforementioned video-game company attack is in the works but under wraps, the REvil operator claimed. But geopolitical realities will add to the momentum, according to Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.

“The pandemic gradually exacerbates the situation, as budgets are being reduced, cybersecurity people are all exhausted, while employees working from home are considerably more vulnerable and susceptible to a wide spectrum of phishing attacks,” he said, via email. “Frequently, it is enough to breach one single user machine to get into a corporate network via VPN. Thus, cybercriminals are now enjoying a windfall of surging profits by effortlessly picking up low-hanging fruits in impunity. Worse, some cybersecurity professionals may sooner or later ponder all pros and cons, and given the unprecedented opportunities and low risks, will readily shift from their daily jobs to generous cyber-gangs.”

Money, Money, Money

All of this activity is in service of course to one thing: Personal enrichment.

The REvil leader noted that life as a cybercriminal started for him with video games.

“Once upon a time, when I was a kid, I installed CHLENIX [cheat config for Counter Strike] and really liked it,” he explained. That legacy lives on. The ransomware’s name is short for “Ransom Evil,” with the nomenclature inspired by the video game “Resident Evil,” according to the interview (only security researchers call it Sodinokibi, he said).

CHLENIX lead to more nefarious things, and now he’s leading a group that claims to be raking in $100 million per year. That’s less than what REvil’s precursor, GandCrab, was making. That group announced a shutdown in June 2019, after claiming to make $2 billion in a year and a half.

REvil was soon developed to take its place, and while the interviewee didn’t confirm the GandCrab connection specifically, he admitted that an earlier project was shut down to make way for a “better product.”

When asked when it would be time to step away form “the life,” he answered. “Personally, I should have stopped a long time ago. I have enough money for hundreds of years, but there is never too much money…[I hope to have] $1 billion, then $2 billion, and then if I’m in a good mood, $5 billion.”

“The [$100 million] number is merely a tip of the cybercrime revenue iceberg,” said Kolochenko. “Concomitant proliferation of cryptocurrencies makes such crimes technically uninvestigable, while law enforcement agencies and joint task forces are already overburdened with nation-state attacks, and transnational targeted attacks aimed to steal intellectual property from the largest Western companies.”

The Downside: Being Hunted

Conventional wisdom says that cyberattackers thrive in dark shadows and anonymity – but comments by the gang leader suggest that REvil members may not be as faceless as they would like.

When asked if group members could travel for instance, the answer was an uncategorical “nope.” The Russian-speaking interviewee added that, contrary to Kolochenko’s claim that being a ransomware operator is “low risk,” no one involved in ransomware would ever travel to Western countries or the United States for fear of being killed.

“We create serious problems and there is no justice for us, so killing us would be the only viable solution,” he said.

He said the group believes they are being hunted by the U.S. Secret Service, Europol and infosec companies on a daily basis, with CIA agents actively trying to infiltrate the group’s operations by posing as an affiliate applicant.

“But generally, their cover falls apart,” he noted. And as for hack-backs, “they have no idea what kind of OS we use on our servers or what kind of web servers we use… They are just hoping to get lucky. Our product…is configured to defend against them.” Read Full Article