The Most Notorious Ransomware Gang Is Back
- Published: 19 Nov 2024
- REvil is back, but some of their new malware doesn't actually work? Maybe this means someone is impersonating REvil, maybe the Russian government hired new people to be REvil
investigation of REvil/Sodinokibi new malware
www.securework...
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Ethereum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my RUclips channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released.
mental outlaw is just happy about hackers demanding their ransom in monero
🤣 He's like finally some professionalism 🤣
that is hilarious
Professionals have standards
gotta respect quality when you see it 🤷♂️
True
Remember, ransomware can't encrypt your backups (if you don't have any) 🤣
@Locked It's not.
I accidentally put my infected hard drive next to my backup drive and the virus jumped
@@Gh0_-st Bella got me down bad fr
@@xx_gotadam_xx9457 check it now lol
@@Gh0_-st Bella?I think your og comment was deleted
My guess would be it's a peripheral member. Lots of hacking groups have clingers on who aren't necessarily the brains of the operation but they help out here and there. They probably had access to the code and site keys but weren't the main brain developing the Warez. Hence the stupid mistakes
Precisely. It's the scenario that makes the most sense
Idk if this holds up. Encrypting files is quite easy, not nearly as difficult as (in most cases, and assuming it is their modus operandi instead of say phishing) finding a critical bug and exploiting it to gain a foothold in the victim's infrastructure.
Any and every Russian hacking group should be expected to be run by the Russian govt.
WinAPI is horrible to use, doesn't surprise me they would accidentally insert a bug like this tbh. Sometimes you have to check for 0/ERROR_SUCCESS, sometimes for TRUE, sometimes there's no return value at all...
Probably. After the sting that got much of the members arrested, I'm guessing the original crew are all rotting away in a dungeon somewhere. It's very likely the ones running the show now are either peripheral members or Russian government plants using the name, domain, and resources of this group they busted while not possessing the actual acumen to do it well. Similar to how you still see "Anonymous" hacking things to this day, even though all the original hackers of that group are serving sentences behind bars right now and the ones parading around with their name are just feds in disguise.
I like to think that since they "voluntarily" joined the govt, "mistakes" happen
"""""voluntarily"""""
It seems as though the state has absorbed them into scheming for the state. My guess is that in doing so the operators aren't as enthusiastic to perform on high levels for the state.
Maybe. Either you work for the state or you're literally left to rot in prison. Not hard to choose :/
comming yummy
that was my guess
Do a bit of research and you will find out that they were tightly related to govt from the very beginning
Doubtful. Fear of jail would keep them out and ensure they do things right if the government made such a promise with them. I doubt very seriously they'd commit a blunder that obvious for 'lack of enthusiasm', given the consequence of failure.
It's more likely those guys were never given any offer at all, that they are all still rotting away in a gulag somewhere, and that the Russian Federation who seized all their assets, domains, sites, etc. have most likely planted their own agents now to run it all and fool people into thinking REVIL is still an independent group when in reality, it's just a shell for government-sponsored cyber operations against chosen targets.
This isn't anything special or new. The intelligence agencies over here in the West do the same thing with hacking groups they bust. It's what happened to Anonymous after all the original members of that group got bagged and shipped off to federal prison, yet mysteriously the name is still somehow active years later, with "members" conducting cyber operations under it, though only ever against targets convenient for the government. It's a convenient tactic not to immediately shut down a criminal group (be it hacking or otherwise) once you've nabbed all its members, as the name brand and reputation can still be easily utilized while the state pulling the strings hides behind plausible deniability.
7-10 years in a Russian prison.... I'll take whatever deal they offer.
Better than sleeping in a room with a metal bed and a light constantly on
The text at the end of the video, written in Russian, is very, very reminiscent of what would have been issued by Google translator. I know what I'm talking about and I can say with 90% certainty that this is a fake.
Especially the last line is just hilarious "do you want to be with the most qualified ones or the losers".
might be opsec tho
you had me till “i know what im talking about”. just as cringey as what they said.
@@lanpartylandlord6123, you know, this expression is supposed to be a confirmation of my language affiliation. Not as if I used G-trans scan or something like that. Maybe it was cringeeey, tho.
@@veirant5004 youre right im an asshole
@@veirant5004 im sorry
How many of these "Russian Pro-Hackers" are just script kiddies living in their babushka's basement, serious question.
All of them.
Revil isn't a script kiddy group
@@testacals well, it wasn't before now at least.
most hackers are script kiddies, that's just how statistics goes in general.
this reminded me of the time when I got a ransomware that encrypted all my files but I got to recover them all just by removing the .qlkm file extension at the end of the filenames, I was surprised when everything was still intact, although it took me about ten hours to accomplish this across all my personal files (I didn't know that you could mass-rename files)
edit: I did this after reinstalling windows 10
big brain
oh no I have to pay 1 monero to rename my fucking files
lmao
It didn't encrypt your files then tf
@@surewhynot6259 nah, it sure did, as when I opened some text files of mine when I haven't actually reinstalled windows 10 yet (I did it via notepad in my installation USB), all the contents of all the text files have been replaced with absolute gibberish, my movie watchlist looked more like a list of hundreds of crypto wallet addresses
should've installed gentoo
Someone should tell these corporations that they have nothing to fear, if they have nothing to hide.
bruuuh what
Yeah, except their employee and client info that has personal information. Unless you just don't see employees as assets then you've already lost.
[sniff sniff sniff]
do you smell it ? a smelly smell of... honey...
Them using clearnet sites to store files was the only truly sus part to me, but I'd say that's a giveaway on its own.
Ah yes. Ransomware which forgets to hold anything ransom.
Changing the file extension of a file is probably enough to make the default Windows user unable to use their files, because Windows won't recommend the right program to open the file anymore, which probably makes a lot of people unable to use their files.
Also there's a lot of software that just checks the file extension when it tries to detect what kind of file you want it to open.
A good example is that VLC would only play the audio of an mp4 file if you change its extension to mp3. (dunno if that's still the case)
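Several comments above (the .qlkm rename story, "ransomware which forgets to hold anything ransom", and this one) turn on the same question a responder has to answer first: were the files actually encrypted, or only renamed? The script below is an added triage example, not code from the video, the channel, or any REvil sample. It decides per file by checking for a known file signature (magic bytes), a high printable-text ratio, or high Shannon entropy; the signature table, the 7.5-bit entropy threshold and the 95% printable threshold are my own assumptions, and all sample files are constructed inline.

```python
import hashlib
import math

# Assumed, deliberately small signature table (magic bytes -> type). Real triage
# would use a fuller table such as the one shipped with libmagic.
MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for "looks encrypted"
PRINTABLE_THRESHOLD = 0.95  # assumed cut-off for "looks like plain text"
SAMPLE_BYTES = 65536        # only inspect the head of large files


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify(data: bytes):
    """Return (verdict, detected_type, entropy) for a file's contents.

    verdict is "renamed-only" when a recognisable format survives,
    "likely-encrypted" when the head is near-random, else "unknown".
    """
    head = data[:SAMPLE_BYTES]
    ent = shannon_entropy(head)
    for sig, ftype in MAGIC.items():
        if head.startswith(sig):
            return "renamed-only", ftype, ent
    printable = sum(1 for b in head if 32 <= b < 127 or b in (9, 10, 13))
    if head and printable / len(head) >= PRINTABLE_THRESHOLD:
        return "renamed-only", "text", ent
    if ent >= ENTROPY_THRESHOLD:
        return "likely-encrypted", None, ent
    return "unknown", None, ent


def triage(files: dict):
    """Classify a {name: bytes} mapping; returns {name: verdict}."""
    return {name: classify(blob)[0] for name, blob in files.items()}


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter chain) standing in
    for ciphertext, so the example runs identically offline."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


# Constructed samples: a PDF that was merely renamed, a plain-text watchlist
# that was merely renamed, and a blob that really is high-entropy "ciphertext".
SAMPLE_FILES = {
    "report.pdf.qlkm": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" + b"%%EOF\n",
    "watchlist.txt.qlkm": ("Blade Runner\nAlien\nHeat\n" * 80).encode(),
    "photos.zip.qlkm": _pseudo_random(8192),
}

if __name__ == "__main__":
    for name, blob in SAMPLE_FILES.items():
        verdict, ftype, ent = classify(blob)
        print(f"{name:22} {verdict:17} type={ftype} entropy={ent:.2f}")
```

On a real incident the same check is run over every file carrying the ransom extension; a directory where most files come back "renamed-only" points to a rename-only or broken payload (the "true/false bug" discussed in the video), while a sea of "likely-encrypted" verdicts means restoring from offline backups is the only way forward. Compressed or already-encrypted originals (archives, media, disk images) also have high entropy, so the magic-byte check runs first to avoid false "encrypted" calls on them.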
Kenny, what is the best way to backup a computer in case ransomware decides to hit?
How often should it be backed up?
Should the entire computer be backed up or just some essential documents?
Spread your cheeks and get ready… it's coming for you Tom.
Oh no, but least we're getting paid. Right, Gray?
ZFS read-only snapshots
Let out for the war. You don't lock up your assets like this in a war.
Given the fact that water, electricity, railways etc is still on this is an uninformed argument. They could blackout Ukraine within minutes if they wanted, but that's not what they're in Ukraine for. Also, the Russian language they use is just as poor as the English they use.
@@imFruzzy X doubt
Btw the EU is also doing a “save the kids” act
"save muh kids"
@@marcogenovesi8570 haha
I think this one is legit though, the EU has been trying to enforce privacy laws on tech compagnies
@@Cocog232 no it never is, when they want to "save muh kids" it's always to push some innominable bs they can't call with its real name
@@Cocog232 Nah not really. They also have a draft aiming towards banning end-to-end encryption. Due to the pandemic suddenly all encrypted messaging is bad. For the EU's "save the childs act" they actually had the same draft two times and it got rejected so they changed the headline towards "saving the children" and that's why it now passed.
Kenny has Monero's flags, t-shirts, shorts, socks and will name his son Monero :D
Hey you're probably not gonna see this but it would be good if you made a video about the chat control legislation proposal, literally no one in the media is talking about it and it would be good to spread awareness
A plausible explanation for the true/false bug would be that they accidentally mixed an internal test version that has been nerfed to not be harmful while it was being developed with the version that was meant to be sent out on attacks. Having said that, it does sound more likely it's someone else trying to take over the operation while keeping up appearances.
sounds legit. but why not just test the real code on a vm. Or they did this because it won't be detected so easily 😂
Or they could've made the virus to infect dummies who are too dumb to go to the police and too dumb to change the extension while smart ppl will just change the extension back instead of a whole investigation
Oh, so Condi can't exit VIM and Revil can't use preprocessor?
Their code is C, it's not that hard to drop #if DEBUG...
You get Epstein vibe, I get carrot with a stick feel.
KGB: "You help us your free"
Revil: "Fu"
KGB: "hello north Korea, need a hand here"
NK: "we have the best, you have dollars?"
KGB: "lots of rubles!"
NK: "Ok I have C- grade forced labor camp hackers..."
KGB: "sh... Ok that'll do 😑"
More like:
KGB: "You help us you free"
Revil: "Fu"
KGB: "Okay then, say hello to my friend SolderingIronUpYourAss"
Revil: "okay, okay, i yield"
"Algorithm bait, go!"
I always get jealous by the intelligence that these groups have. Like how do you get that smart? Lol 😂
They have probably been around computers longer than you have been able to walk, it's just experience and they definitely have an above average intellect but it's mostly experience, right now there are probably skids that can hardly code that in 10 years will be doing this kind of shit
@@IIIIII-ke3lo the hard part is finding people who aren't glowies, aren't fully retarded, and aren't going to run/snitch once paid.
The most successful red teams are completely anonymous and they don't know their counterparts. It's all trustless. Everything is done through anonymized means.
At the end of the day, it's just software development with extra opsec.
getting busted and now slave labor for the government of russia? Nah fam that's not intelligence
Funny story. I had this video downloaded and I was looking around my server and transferred the thumbnail to my computer just to see if my setup was working. Needless to say I shat my fking pants, don't do this to my heart Kenny
Any tips on best backup methods? Not sure if you have a video on that.
In this day and age knowing the difference between what's True and False is quite impressive.
Someone got their hands on the tools and infrastructure they used, but it's not them. They are all in a splendid vacation in Gulag resort
Spread the word around, the boys are back in town.
Glow nigga, it’s clearly not them.
This smacks of, "kgb say you do this for us and we trap others and let you go" ... creates code wrong, updates hints on website to inform people theyre compromised.
Were the hackers sentenced to a penatory hacking crusade?
Revil started glowing? 😎☀
4:34 is this the monero poster girl? I KNEEL! MY QUEEN!
Maybe the people who originally ran it sold it off for a pallet of smokes while in the grey bar motel.
Pretty crazy someone obtained control of the onion sites, and makes Russian speaking bad guys the boogie man... 🤔
i work at the company who used Kaseya VSA in Sweden, wouldn't surprise me if FSB is involved tbh
To me it seems like someone who doesnt really like them is trying to impersonate them, making them look bad with stupid mistakes
The Onion always was a comedy site, now they lowered themselves quite a bit.
Russian video hosting RuTube got hacked recently and there is a lot of information about its codebase being wiped completely. Company says they have backups but they don't know how long it will take to recover from the attack.
Just a little inside from Russia : gf of one of guys from that group is daughter of high rank "ex" FSB officer...
This is why you should not drink a lot of vodka.
@Techies
With Ransomware. It locks you out of the computer. But can’t you just do a fresh format and you will not be locked anymore? Or is there Ransomware out there that won’t let you format and get rid of it?
To be fair changing file extensions is probably good enough to compromise window users
they dont even know what file extensions are because they get hidden on default.
@@xCwieCHRISx are they? I'm pretty sure they show up whenever you save a file, unless this is a windows 12 thing.
i have no idea what this video is about but cool
World most infamous hacker gang that was arrested last year in Russia, is still operative somehow.
@@HatTrex Hmm, I wonder why
This makes me think of games and software cracking groups being "back" but it's someone else using the name
I'm thinking, if the only valuable thing stolen is customer data, would it be cheaper to wait and just buy it back on a dark market than buying the decryption key and sending out emails to people to change their password? =)
Boys are back in town
evidently, its here.
In Russia criminal activity is only illegal if it's targeting Russian entities. The Russian government is very proud of them even more so now that the war has worsened relations further.
Sadists, all of them
Something to mention is that encrypting large capacity hard drive can take hours depending on size, speed of cpu+ram. So it's possible they only renamed the extension because a virus that encrypts the drives completely can be noticed quite easily (unless you do it slowly in the background) because it will lead a person to think there is something wrong with their machine since it will slow down considerably due to processing power being used up or even if they stumble upon a random file that was encrypted. Then turning off the machine to have their IT people check it...
It encrypts user files first along with files that are likely important. DB files, third party binaries, documents, etc. Then they go on to the rest of the system.
Well they would spend time in the network to discover the most sensitive files and encrypt those first then just encrypt as much as possible before getting detected.
I'm annoyed that they are using the name I've used for my FUD backdoor that's been one of my toy projects for the last 20 years.
Wait, does the WannaCry decryption tool at 0:31 actually exist?
Wow! Um, er they should have tested it out on a VM net first.
I think they are mostly working for Russia now, but they have no incentives to care if the code is even working at all. Thus the bad performance.
Love your videos
anyone enjoying the new description layout?
what new description layout? i don't think i have it
i've heard about this months ago, but never see it, seem the same as always to me
It's bad imo
Or not all Revil members were arrested and this is the last dev tryna pay the bills lol
Putin : release the hackers from jail
Ahaha uploading to Mega? Lmao
Maybe this is a big-brain move, "if it was deleted it must have been real"!
One of their girlfriends probably had a backup of the source and is trying to make some money.
Better backup on Veracrypt.
I smell honeypot
What if my internet speed sucks
So they put out a ransomware that doesn't encrypt but changes filenames while you think everything is encrypted... that is trolling.. I dub thee Trollware
**Committing a federal crime**
MentalOutlaw: "It's good to see kids are using Monero very progressive."
It’s a ruse. They want everyone including LE to think they’re just a bunch of amateurs.
Wasn't their toolset leaked?
Resident Evil!?
Nice
Algorithm bait, go!
time to use Tails for anything lolol
Tails isn't super useful for anything except anonymous web browsing. Qubes is much more practical with a dead man switch.
bet you won't
Linux is sufficient.
I too believe REvil works for the Kremlin or suffered consequences for refusing
Is this the same group that got busted for holding their BTC in COINBASE?
No I think it was because one of their servers got backdoor by the feds
I keep my backup drive plugged into my computer ransomware can't get to it right it's a backup
the ones who got arrested were low level goons
Probably got forced and sabotaged it
Should I come back to linux? I've been comfortable with my Windows 7 install 😭😭
Definitely sus!
Mad Vlad has got to finance his little "special operation" in Ukraine somehow.
m e g a, upload to me today, send me a file-o mega upload. MEEEEEEEEGA MEEEEEGA
Resident Evil
(Russian) Every Villain Is Lemons
I don't care, because I use the utopia ecosystem. I'm really safe here.
Guess who's back?
Algorithm
@Locked you too?
WE GET IT YOU TWATLING
o those guys
Comments are good
it could be that the og hackers were forced by the Russians to make this ransomware and they probably made an error by "mistake" cuz they didn't want Russia to use it on Ukrainian infrastructure which could cause some civilian deaths cuz let's be honest Putin isn't gonna use this to fuck with his ex🤣
You need to create a subreddit, for memes and tech tips, reason your following is a specific mindset of ppl.
reddit is fucking cringe gtfo
@@michaelbaron9995 At least he didn't ask for a discord too
@@michaelbaron9995 probably the "reason your following is a specific mindset of ppl" part, but reddit is just... bad
@@gone9820 Plume or something would be cool
Just go on 4chan if you are so eager to spend time with these inane people.
this isnt mental outlaw, he uses anime girls and dead memes in his thumbnails
I wonder how many of those Russian hackers were killed in Ukraine tho.
Seems legit
cmon man, can't we just like and comment to hack the algorithm enough to get to 300k? >.
get algorithmed
Sus.
first
third
This is a le honeypot🤌
only time will tell and tree is defined by its fruit.