The REvil hackers, also known as Sodinokibi, deposited $1 million worth of Bitcoin on a Russian hacker forum on September 28, 2020. The move took place as part of a public recruitment effort.
Ransomware attacks involve software that freezes computers and demands a fee to let the device function normally again. The 2017 WannaCry attack made ransomware attacks requesting Bitcoin payments infamous, and now REvil is recruiting new, professional hackers to carry out more attacks. To show off REvil’s capabilities and entice new hackers, the group deposited 99 Bitcoin, worth about $1 million.
“For your peace of mind and confidence, we have made a deposit of 1 million US dollars,” the hackers reportedly said online.
That deposit was designed to promote confidence in REvil and was timed alongside a recruitment post targeting hackers who are skilled in penetration testing. In the post itself, REvil also detailed the software experience it was looking for: “Teams that already have experience and skills in penetration testing, working with msf / cs / koadic, nas / tape, hyper-v and analogues of the listed software and devices.”
This recruitment drive isn’t open to everybody, however. “All this is aimed at one thing – to increase the quality and quantity of waste material, which entails an increase in profits. But this does not mean that everyone will be accepted,” the group added in its online post.
Raj Samani, chief scientist at McAfee, described the group’s recruitment effort as a “very concerning development.”
Last year, a McAfee analysis said that REvil is the newest iteration of the GandCrab hacker group, which previously caused disruption at 23 organizations connected to local government in Texas.
“We executed an in-depth analysis comparing GandCrab and Sodinokibi and discovered a lot of similarities, indicating the developer of Sodinokibi had access to GandCrab source-code and improvements,” the McAfee study said.