Scammers Scammed

Heaven forfend! The Russian ransomware gang REvil leases its software out to other crooks in exchange for a cut of the profits, but ransomware forum watchers have spotted the lessees complaining that the lessor is planting a hidden backdoor in the ransomware which allows REvil to restore the encrypted files without the involvement of the lessee. One forum user said their plans to extort $7 million from a victim ended when REvil took over the negotiations using the backdoor and made off with the money. Another said he she or it was fed up with “lousy partner programs you cannot trust,” but seemed resigned that REvil’s status as one of the most lucrative ransomware-as-a-service schemes means ransomware crooks will still stand in line to become affiliates. Another complained that dealing with REvil after a ripoff was a lesson in futility, comparing it to trying to arbitrate “against Stalin”.