Ransomware gangs are complaining that other crooks are stealing their ransoms

297 points by PretzelFisch over 3 years ago

21 comments

kappuchino over 3 years ago
Re: Thieves stealing from thieves ...

I worked(*) with a credit-card scammer who brought in a software for creating "yes-cards": Cloned credit cards that had corrupted chip and pin settings (See https://www.zeit.de/2016/05/kreditkarten-banken-betrug-sicherheit-kriminalitaet, sorry it's only in German).

It was unheard of at the time that you could do this. So we set up a test to clone a credit card of ours. The kicker was, the software didn't work when you disconnected the computer it ran on from the internet. Security mechanism from the creator? Nope, it turns out after tracing/disassembly it sent the data from the cards to a third party to sell it.

Our informant was first confused, then outraged. No honor amongst thieves!

(*) journalistically!
rocqua over 3 years ago
I think I can see why REvil added the backdoor. It's not to steal ransoms. It's to prevent too juicy a target.

There have been reports of crews stating "we won't hit hospitals in covid". With this backdoor, if your customers hit a hospital, you can hold your promise.

Even worse than hospitals (from their perspective) is agitating the American intelligence services. Hit too many pipelines, or similar high-news high-impact targets and 'national security threat' is your new name.

Worse than that still, imagine one of your affiliates is stupid enough to target inside Russia. You need to keep the Russians happy or all of a sudden trial or extradition become likely outcomes.

At the same time, once you have the opportunity, why not use back door for some more money.

Glad to see that they still aren't fully cooperating like legal businesses yet.
matheusmoreira over 3 years ago
> Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves.

That's hilarious. You'd think they'd know better than to trust code they did not write...
nostrademons over 3 years ago
Note that REvil is the group behind the Colonial Pipeline hack that took down gas supplies down the eastern seaboard earlier this year. They were taken offline by (presumably) the U.S. intelligence services shortly after that hack.

It's interesting that a.) they're back and b.) a secret backdoor that allows REvil to override their affiliates and restore access themselves is found shortly afterwards. Particularly since REvil, in the immediate aftermath of Colonial Pipeline, before they were shut down, sent out a message to their affiliates forbidding any attacks on governments or critical infrastructure. An alternative explanation is that they cut a deal with the CIA where they are allowed to continue to operate in exchange for instituting a backdoor and handing over the keys to major Western governments, such that if they hit any "politically embarrassing" targets, the government can override the affiliate and restore operations.

Keep your friends close and your enemies closer. It's often smarter to co-opt an adversary than it is to shut them down entirely.
staticassertion over 3 years ago
This happens with scammers a lot from what I've seen. I watch Jim Browning and it's interesting to see how often a scammer will say "No, that other person was trying to scam you, do not talk to them, only talk to us" when they see evidence of a previous scam.
otikik over 3 years ago
Tiny violin luthiers are rejoicing thanks to this new market opportunity.
mdeck_ over 3 years ago
No honor among thieves? Color me shocked.
junon over 3 years ago
So they're basically publicly admitting they're script kiddies.

Hilarious.
anonymousDan over 3 years ago
So where is the back door I wonder. In the actual payload that gets deployed to the victim's device? Or in some backend part of the ransomware software?
trulyme over 3 years ago
What is the best defence against this? Is there some software on hdd/ssd level that can detect file being encrypted?
ur-whale over 3 years ago
> other crooks are stealing their ransoms

The hallmark of an ecosystem.
Waterluvian over 3 years ago
There’s no evidence to suggest it’s happening here, but I wonder how effective it is to disrupt ransomware activity by making the community distrust each other.
drummer over 3 years ago
I can't get the human centipede image out of my head with these gangs chainfucking each other with REvil being the last link in the chain
elzbardico over 3 years ago
Well. They should go to the police!
quickthrower2 over 3 years ago
Who do they complain to? Is there an ombudsman?
gigatexal over 3 years ago
Fuck all of them. Criminals stealing from criminals, cry me a river.
kosasbest over 3 years ago
Good. Share the (stolen) wealth.
billpg over 3 years ago
Oh-Dear-How-Sad-Never-Mind.gif
beermonster over 3 years ago
Would be a shame if someone else used that same back door to assist in capturing the perps.
peter_retief over 3 years ago
I just upvoted for the headline, clickbaited by the article complaining about crooks complaining about other crooks. I wonder if there is a name for this?
BTCOG over 3 years ago
See right through your C2, seize it, so you see how we move.

also

I don't watch TV - I sit back - and watch cowrie hijack a box - patch the hole - like howdy - it's me - ya new best friend show me the way that you planned to get these ends

Snakes in the grass stay on my toes credentials contained within all these SQL rows no time for these hoes So what you gotta say to me? I need new information, f** all your old queries I'm planted like raspberries, Pycharm's filled with adversaries, static build, f** your external libraries.