The publications are suspended, except for particular events, from 1 to 21 August. In the meantime, we are preparing some news for the second half of the year.
REvil (Sodinokibi) gang resume public recruiting
REvil (Sodinokibi) cybercrime group resume recruiting. It has been discovered by the cybersecurity expert Bryan Campbell who found an allegedly release from the group in a forum. “After a year of successful and fruitful work in private, we decided to resume public recruitment – the message reports -. And there are many other unannounced actions. Our software has been repeatedly tested by Europol, Interpol, FBI, CIA, NSA, US Secret Service and other law enforcement agencies and intelligence agencies of countries around the world”. The ransomware “has been used all over the world and has passed a government security audit. Top-notch teams trust our software and have been able to significantly expand their budget and improve the arsenal to work with.”
The ransomware group searches especially penetration testers and teams
According the REvil message, “the disadvantage of working in private, unfortunately, is the lack of hands. The teams have acquired and developed many unique methods for obtaining access, but all of them lack penetration testers. To do this, we organized a competition earlier and were able to select several worthy candidates who have already earned more than one million working with us. We need people who want to make money. Those who want to improve. Go forward.
We recruit 2 categories of persons:
- Teams that already have experience and skills in penetration testing, working with msf / cs / koadic, nas / tape, hyper-v and analogues of the listed software and devices;
- People who have experience, but do not have access to work;
Working with us, you get the maximum level of anonymity and security: we use a multi-level security and access control system, as well as P2P communication tools. In addition, we use the Monero cryptocurrency , for which we have an FAQ . Our software is well-known, has the highest level of protection, ready to work at the intergovernmental level, as well as a high level of conversion, thanks to covert work with many information security companies and data recovery companies.”
The “working” conditions
The cybercrime ransomware gang explained also its working conditions “for teams that have their own access, a constant source of access and skills for their development:
- 1) start – 70/30
- 2) after the first 3 payments – 75/25
- 3) with a profit of more than $ 1 million per week – 80/20
- 4) we conduct correspondence, you can also observe and participate in the dialogue;
- 5) the payment is credited automatically and does not have any holds;
You are registered as an advertiser, with the issuance of a personal domain. If there is no activity for more than 10 days, the account is deleted. Working conditions for people who do not have their own access – working conditions are discussed with access providers. You are placed at the disposal of the current team and work with them.”
The goals of the public recruitment campaign
Finally, REvil group summarizes what it needs: “Thus, we:
- Expand the composition of the teams of acting advertisers with talented people;
- We invite ready-made lineups to work with us;
All this is aimed at one thing – to increase the quality and quantity of waste material, which entails an increase in profits. But this does not mean that everyone will be accepted. For your peace of mind and confidence, we have made a deposit of $ 1 million on xss.is and on this forum, 1BTC”.