Bitcoin surcharge and chat support: analysts find out how REvil hackers interact with victims

July 20, 2021


Bitcoin surcharge and chat support analysts find out how REvil hackers interact with victims
Elliptic has published new research demonstrating how the REvil hacker group communicates with a victim of ransomware.

The analysts looked at one of REvil's attacks as an example. After infecting a computer system, the victim received ransom demands with a link to the victim's so-called Tor page, which contained follow-up instructions.

The hackers demanded $50,000 in Monero to decrypt the files, doubling the amount if the ransom was not paid on time. On the page, the attackers posted information on where to purchase the cryptocurrency and to which address to send it.


The victim could contact the extortionists via the chat support tab. In the Elliptic case, the victim claimed that the amount demanded was too high. In response, the REvil representative offered a 20% discount. As a result of negotiations, the ransom price was reduced to $25,000.

The victim also asked for the payment to be made in bitcoin rather than Monero. A REvil spokesman said this was possible, but with a 10% surcharge.

"This demonstrates the increased risk REvil faces when accepting payments in bitcoin due to its traceability," Elliptic said.

Once the ransomware is paid, the victim's page is updated to show access to the decryptor. Elliptic stressed that there is no guarantee of getting such a tool from the attackers even after the hackers receive the payment.

REvil then split the coins received and send them to many different wallets and mix them with bitcoins from other sources to launder the funds. They are subsequently withdrawn via exchanges and the darknet market.

Revil send coin to victom

The researchers noted that they are passing the information on to law enforcement, exchanges and financial institutions to identify cryptocurrencies and wallets associated with cybercriminals to prevent the ability to cash out.

Recall that in July REvil hackers hacked thousands of companies in an attack on US software developer Kaseya and demanded a $70 million ransom in bitcoins. On the night of 13 July, the group's darknet sites suddenly went offline.

The Tron Wallet is a wallet that you have to have. So many features it is like a mini device not a wallet. Market prices, address book (amazing), participate search feature (cannot live without) easy to use, secure, cream of the crop.

About the author

Hi there, my name is Zalman Weinberg. I'm enthusiast with over 7 years of experience in cryptocurrencies and blockchain. Professional Trader providing Blockchain solutions to Startups and Enterprises. Expert in all cryptocurrency exchange APIs (BitMEX, Bittrex, Binance, Bitfinex, Kraken, Poloniex, Gdax etc.). I have also worked with multiple Forex broker APIs.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}