REvil hacking group says it has made more than $100m in a year
Gang behind Travelex hack says it hopes to earn $2 billion from ransomware as a service


Hackers behind the REvil ransomware have claimed to have made more than $100 million in one year from extorting large businesses.
Not satisfied with their ill-gotten wealth, the group wants to make $2 billion with its ransomware as a service business, a representative for the hacking group told a Russian tech blog, as reported by Bleeping Computer.
Russian blog OSINT claims to have interviewed the REvil representative, who uses the aliases "UNKN" or "Unknown" on criminal forums, discussing some of the group's activities and its plans for the future.
The gang, which was first spotted in early 2019, operates an as-a-service model, in which it supplies and manages file-encrypting malware for paying customers. For every successful ransomware attack using this service, the REvil group takes a cut of around 20-30%.
Customers are alleged to have had success attacking airports, charities, and businesses across the globe over the past year. These include an attack on law firm Grubman Shire Meiselas and Sacks in May, in which large volumes of client data, most of which belonged to celebrities, were accessed.
However, the group's most high-profile attack was that against Travelex in January, which crippled its services for most of the year and is considered to be one of the reasons why the company went into administration in August.
According to Unknown, attackers using REvil ransomware took just three minutes to breach Travelex's systems by exploiting a vulnerability in Pulse Secure VPN. This, they said, was left unpatched for months despite a fix being available.
REvil, which is short for 'Evil Ransomware', has used its stolen wealth to search for new distributors by depositing $1 million in bitcoin on a Russian forum. The move is designed to highlight how much profit can be made from ransomware in a bid to find "new blood" in the profession, according to Unknown.
The group initially made its money from encrypting files, including any backups, in an attempt to get victims to pay for their release. However, stealing data and threatening to leak it on the web has proven to be a far more lucrative tactic over the last year, with companies more fearful of reputational damage than the financial cost. According to Unknown, this is now a primary tactic of the REvil group.
As for future activities, it was also claimed that affiliates have hit the network of a "major gaming company", which the group will reveal "soon".
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.