REVil ransomware devs added a backdoor to cheat affiliates


Level 37
Feb 4, 2016
Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments.
By using a cryptographic scheme that allowed them to decrypt any systems locked by REvil ransomware, the operators left their partners out of the deal and stole the entire ransom.

Conversations about this practice started a while ago on underground forums, in posts from collaborators of the gang, and have been confirmed recently by security researchers and by malware developers.