Russian hacker explains affiliation with REvil and Ransomware transactions

On pretty rare occasions, we get the opportunity to interact with dark web sharks who are on top of their game. The interview turned much more interesting since the secret service, FBI, and other top government law enforcement agencies, started keeping a keen eye on dark web hacking and data processing matters. The interview was published on the popular Russian news outlet Lenta. The hacker had an affiliation with REvil and disclosed ransomware gang intrusion on the dark web.

The hacker claimed to be a former contractor for the REvil ransomware gang whose current information is not disclosed but leads a secretive life with matters that never comes to light. The interaction between a top-level ransomware gang and the cybersecurity expert forum revealed exciting facts, and new information came to light.

REvil is a Russian-based private ransomware-as-a-service (RaaS) operation also known as Sodinokibi, and as the name suggests, the group consists of highly motivated and expert hackers. REvil ransomware group, after hacking sensitive information threatens to publish it on "Happy Blog," their website. Once the ransom is received, they remove the information or takes them out. Apple supplier fell victim to REvil attack where the hacker group demanded $50 million ransom in demand.

Flashpoint translated the whole interview and published the transcript on their website where the unnamed hacker said, "In the normal world, I was a contractor – doing some tasks for many ransomware collectives that journalists consider to be famous." He talked about how money is extorted with his hands, and at the same time, he isn't ashamed of it.

Anonymous hacker told REvil that authorities keep charging suspects with criminal offences, but they have little to no idea what went down. In his prime days, the hacker managed to work with Russian hacker groups, which changed the power on the darknet, according to him. "Many in one way or another came across the user Unknown who was the official mouthpiece of the group on the darknet."

"There is a version that the Americans managed to find out who it was, after which the data was transferred to the Russian security forces."

REvil built a suite of principles around the RaaS program and interacting with the team provided valuable information on how the dark side of the web functions. Antivirus and security companies portray these guys as individuals who use complex mechanisms to communicate among themselves, and sometimes it's hard to keep the communication running for an extended period. But the real picture is quite different, and they act like working under a single roof for typical gain.

It is easy to develop chronic fatigue and burnout working long stressful hours. Time consumption is part of the action, and once enough is earned, there is the choice to quit the game.

As long as those Russian ransomware attackers don't target any state within the country or ex-Soviet organisations, they can carry out attacks without being hampered or looked out. It is a large part of the problem as they have quite a bit of freedom to do what they do and where they work.

Anti-viruses provide temporary protection till a target is picked by veteran ransomware groups who have no problem going the extra mile to achieve their goal. Former ransomware hacker also mentioned Italian forums on the dark web and said, "they write more about socialism than about hacks." Italian ransomware gangs have little to no presence virtually, but the political motivations fuelled actual attacks on high-value targets who "have a lot of money."

Customers can visit those forums and order custom ransomware of their own if they don't have the skill to write their own script. This makes the dark web quite dangerous for regular users as it can be accessed easily.