“REvil” Displays Power and Size With $1 Million Deposit on Forum

Last updated June 23, 2021
Written by: Bill Toulas, Infosec Writer

If there’s one sure way to convince potential affiliates that you mean serious business, that would be by “showing them the money.” REvil/Sodinokibi has just done that by depositing $1 million in Bitcoin on a Russian-speaking hacker forum, making their case crystal clear. They are there to recruit capable hackers, and they have the financial resources to recompense the best of the best.

The message posted by the REvil group on the forum announces an operational expansion for which they need talented advertisers and testers. The first category would be people who will go on dark web forums and markets, find interested individuals, and promote the REvil ransomware. The second category would be skillful and experienced penetration testers who can open or show the way to REvil infections.

The purpose of the deposit on this forum is to buy services or data dumps offered for sale there, so the platform is offering this system as a type of security escrow. Usually, though, hackers don’t deposit much more than a few hundred USD, as they cannot trust the forum’s operators. This is all happening in an entirely anonymous and illicit context, so whatever securities and guarantees are provided are basically smoke and mirrors, and everybody involved knows that.

Depositing 99 Bitcoins on a hacker forum demonstrates REvil’s financial power, as dark web forums like this one may close down and “exit scam” at any time. That would be especially likely if someone suddenly added $1 million to their wallet.

This move underlines that for REvil, losing $1 million is not a big deal, as they have earned and continue to earn so much money by targeting large organizations and companies from around the globe. They have done this to draw attention and send a message across the entire community, and they’re willing to pay and even lose an absurd amount of money to achieve this goal.

REvil is a “Ransomware as a Service” (RaaS) operation that had around 150,000 unique infections between Q3 and Q4 2019, using at least 148 distinct payloads and demanding an average ransom of $260,000. Operations of this size are making REvil millions per week, and the group is following an upward trend. As we can deduce from the present forum post, REvil is not going for more targeted operations yet, as they are still looking to extend their network and magnify their earnings.


