REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses from various sectors around the world. They are motivated by profit and want to make $2 billion from their ransomware service.
A REvil representative who uses the aliases “UNKN” and “Unknown” on cybercriminal forums spoke with a Russian technology blog, supplying details about the group’s activity and hints of what they expect for the future. Like almost all ransomware gangs today, REvil runs a ransomware-as-a-service (RaaS) operation. Under this model, developers supply the file-encrypting malware and charge fees for its use.
With REvil, the developers take 20-30% and the rest of the paid ransom goes to affiliates, who run the attacks, steal data, and encrypt corporate networks. “Most work is done by distributors and ransomware is just a tool, so they think that’s a fair split,” a REvil representative said in an interview. This means that the developers set the ransom amount, run the negotiations, and collect the money that is later split with affiliates.
REvil affiliates were able to breach the networks of Travelex and GSMLaw in just three minutes by exploiting a vulnerability in Pulse Secure VPN left unpatched for months after the fix became available. REvil claims that one out of every three victims is currently willing to pay the ransom to prevent the leaking of company data. This is the next step in the ransomware business.