As per a tip given to BleepingComputer, REvil (Sodinokibi) ransomware developers are hiring new affiliate hackers to distribute their ransomware. The group has asked interested teams or individuals who’re skilled but not having job opportunities to apply. And to prove their seriousness of the business, they deposited a 99 Bitcoins ($1 million) in their wallet hosted by the forum.

REvil Group is Hiring Hackers!

One may generally imagine the whole ransomware operation is done by an individual or a bunch of the same kinds. But, there’s a variant called Ransomware-as-a-service (RaaS), which divides the whole operation between two parties. Under the RaaS model, malicious developer craft the ransomware malware and hire hackers or insiders to distribute it.

The hackers, on the other hand, look out for bugs in target machines to exploit and deploy the procured ransomware to steal data and encrypt systems. And the aftermath of this incident – leaving a ransom note to inform them about the hackers and demanding a ransom for a decryptor is known to all.

Thus, dividing the work like crafting a malware and the payment site by ransomware group earns them 20-30% commission of all the ransom revenues generated by affiliated hackers. In this model, the REvil (Sodinokibi) group is found to be hiring new affiliates from a Russian-speaking hacker forum.

This was tipped by Damian to BleepingComputer, who found the REvil group has updated their requirements in a recruitment post. They called out

  1. Teams that already have experience and skills in penetration testing, working with msf / cs / koadic, nas / tape, hyper-v and analogues of the listed software and devices;
  2. People who have the experience, but do not have access to work.
Bitcoin wallet of REvil
Bitcoin wallet of REvil

To make their post more serious, they have deposited 99 Bitcoins (equivalent to $1 million) to their wallet, hosted by the forum site. This shows how well the REvil group is earning and how reckless they are to spend. This could be a risk to members since the current chances of the site owner who hosts the wallets may steal the cryptocurrencies.


Please enter your comment!
Please enter your name here