
The gang themselves aren't doing the actual customer engagement (breaking in, phishing, etc.). The affiliates are. The affiliates are the ones themselves potentially exposing their IP address. REvil just provides the tools, training, and guidance.


The ringleaders also risk their IP when they access any website, such as some crime forum to sell their malware. Crime forums regularly get hacked, and sometimes the databases have the last logged-in IP in them.

Also, I'm not sure about crime forums, but other forums sometimes allow image embedding, either by a profile picture hotlink, or bbcode, or html, which can get the IP of everyone who views the page.

Also, just by sending someone a link, you can get that person's IP. Maybe DNS prefetching can get some info about the person even if the person doesn't click the link.

Also whatever hosting provider they use to distribute the malware to the affiliates could end up leaking their IP.


customer engagement

Is this a euphemism for victim engagement, or is there some other party playing the customer role that I'm not thinking of?


REvil makes the malware, they sell it to criminals, and the criminals infect systems and take the payments for themselves.


IIRC REvil does not sell the malware to criminals, they give the malware to criminals but hold some control over the decryption keys needed for the ransom to ensure that they get a share of it.

I.e. it's truly an affiliate / revenue sharing system, not a sale of tools.


Ah, interesting. I guess that'd be the way to do it, though I wonder if they hold the payment keys themselves too, or if they get paid after the fact.



