The annual earnings of the hacker group behind the ransomware REvil (Sodinokibi) exceeded $100m. In an interview with the YouTube channel Russian OSINT, a member of the group, going by the aliases “UNKN” and “Unknown”, spoke about some details of its operations.<\/p>\n
<\/p>\n
REvil encrypts users’ files, after which criminals demand a ransom to restore access. This was the case with the British foreign-exchange network Travelex \u2014 it allegedly paid the hackers $2.3m in bitcoins.<\/p>\n
The ransomware operates under a ransomware-as-a-service (RaaS) model, whereby the developers share the proceeds from ransoms with affiliated operators who carry out the attacks and steal data.<\/p>\n
According to the interviewee, victims pay in about one third of cases. Since 2019, criminals have increasingly used threats of possible leaks.<\/p>\n
\n“Very often they pay not for the act of encryption itself, but to ensure the files do not fall into public access,” said the group’s representative.<\/p>\n<\/blockquote>\n
They also teased ‘another high-profile attack’. The hacker declined to disclose details, but noted that it would involve “a major game developer”.<\/p>\n
In late September, Sodinokibi developers placed<\/a> a $1m deposit on a hacker forum ‘to reassure and instill confidence in potential partners’.<\/p>\n