ForkLog

REvil ransomware group estimates annual income at over $100m

The annual earnings of the hacker group behind the ransomware REvil (Sodinokibi) exceeded $100m. In an interview with the YouTube channel Russian OSINT, a member of the group, going by the aliases “UNKN” and “Unknown”, spoke about some details of its operations.

REvil encrypts users’ files, after which criminals demand a ransom to restore access. This was the case with the British foreign-exchange network Travelex — it allegedly paid the hackers $2.3m in bitcoins.

The ransomware operates under a ransomware-as-a-service (RaaS) model, whereby the developers share the proceeds from ransoms with affiliated operators who carry out the attacks and steal data.

According to the interviewee, victims pay in about one third of cases. Since 2019, criminals have increasingly used threats of possible leaks.

“Very often they pay not for the act of encryption itself, but to ensure the files do not fall into public access,” said the group’s representative.

They also teased ‘another high-profile attack’. The hacker declined to disclose details, but noted that it would involve “a major game developer”.

In late September, Sodinokibi developers placed a $1m deposit on a hacker forum ‘to reassure and instill confidence in potential partners’.
