REvil Ransomware Now Helps with Extortion by Offering to Call the Victim’s Contractors and the Media

REvil Ransomare Helps with ExtortionThe bad guys are going to great lengths to ensure they make their money. As part of its Ransomware-as-a-Service, REvil is now expanding its services to aid in the extortion phase.

REvil/Sodinkibi has been a major player in the RWaaS market, providing its’ affiliate bad guys with functional ransomware malware and a payment site. They are relying on the affiliate to attack, infiltrate, and compromise the victim networks in order to deploy the ransomware. This split of duties brings REvil somewhere between 20-30% of the ransom, with the affiliate taking the remainder home.

So, it’s mutually beneficial to both parties that the ransom first, be paid and second, be as much as possible. The exfiltrating of data and extorting the victim organization to pay or face publication of the stolen data has been growing over the last year since it was first seen used by Maze.

But a new twist on the extortion saga is the launching of a calling service where REvil will call the victim organizations business partners, local media, and more to bring the attack to light and force the organization to pay up to regain its operations.

Shown below, the ad asks for affiliates to provide organization details, chat contacts and phone numbers to call.


Source: Twitter

The bad guys aren’t going to be satisfied with just taking your ransom payment; they’re going to ensure they squeeze the maximum amount of money out of your organization they can.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Ransomware

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews