In brief

  • REvil, a Russian hacker group, has deposited about $1 million worth of Bitcoin on a hacker forum.
  • The move was part of the group's effort to entice new hackers to their cause.
  • McAfee analysis suggests the group is connected to GandCrab, who targeted local government organisations in Texas last year.

The REvil hacker group, otherwise known as Sodinokibi, deposited $1 million worth of Bitcoin on a Russian hacker forum on September 28, 2020. The move was part of a public recruitment effort.

Ransomware attacks involve software that freezes computers and demands that a fee be paid before the device can function as normal again. The 2017 WannaCry attack made ransomware attacks requesting Bitcoin payments infamous, but now, REvil are recruiting new, expert hackers to carry out more attacks. To show off REvil’s capabilities, the group deposited 99 Bitcoin, worth about $1 million, to entice new hackers.

“For your peace of mind and confidence, we have made a deposit of 1 million US dollars,” the hackers reportedly said online. 

That deposit was seemingly designed to promote confidence in REvil, and was timed alongside a recruitment post targeting hackers who are skilled in penetration testing. In the post itself, REvil also detailed the software experience they were searching for: “Teams that already have experience and skills in penetration testing, working with msf / cs / koadic, nas / tape, hyper-v and analogues of the listed software and devices.”

This recruitment drive isn’t open to everyone, however. “All this is aimed at one thing - to increase the quality and quantity of waste material, which entails an increase in profits. But this does not mean that everyone will be accepted,” the group continued in their online post.

Raj Samani, chief scientist at McAfee, described the group’s recruitment effort as a “very concerning development.” 

McAfee found links between REvil and GandCrab, who targeted the US government last year. Image: Shutterstock

Last year, McAfee analysis suggested that REvil is the newest iteration of the GandCrab hacker group, which has previously caused disruption in 23 organizations connected to local government in Texas. 

“We executed an in-depth analysis comparing GandCrab and Sodinokibi and discovered a lot of similarities, indicating the developer of Sodinokibi had access to GandCrab source-code and improvements,” the McAfee study said.