Security researcher Vitali Kremez, who works for a company known as Advanced Intelligence, pointed to the use of the material from a Coveware article, which originally said: "In Q2 2019, victims who paid for a decryptor recovered 92% of their encrypted data. This statistic varied dramatically depending on the ransomware type. For example, Ryuk ransomware has a relatively low data recovery rate, at ~87%, while Sodinokibi was close to 100%."
?#REvil vs #Ryuk #Ransomware Turf War: Competition & Rivalry Intensifies Surrounding Data Recovery— Vitali Kremez (@VK_Intel) March 24, 2021
In REvil note, they cite the report "[f]or example, Ryuk ransomware has a relatively low data recovery rate, at ~ 87%, while Sodinokibi was close to 100%. " pic.twitter.com/fC61Q28RFg
That last bit, "while Sodinokibi was close to 100%" has been removed by Coveware. The full post by the REvil actors said: "I suggest you read about us on the Internet, we are known as 'Sodinokibi ransomware". For example this article: https://www.coveware.com/blog/2019/7/15/ransomware-amounts-rise-3x-in-q2-as-ryuk-amp-sodinokibi-spread
"Pay attention to that: How Much Data Is Decrypted with a Ransomware Decryptor?"
"Now you have a guarantee that your files will be returned 100%"
Coveware posted a statement at the top of the article in question, saying: "We have been made aware that links to this blog post have been used by certain threat actors as advertisements, meant to legitimise or coerce victims into paying.
So which shot are you getting if they give you a choice? The Sodinokibi or the Ryuk or the Johnson & Johnson?— Ali on Insecurity (@AliSecurity) March 24, 2021
"We have notified law enforcement of this issue, and in no way do we condone the use of our data by criminals. DO NOT TRUST THE WORD OF CYBER CRIMINALS. As we note in our About Us page, use of our data by criminals is an unintended byproduct of our philosophy towards data transparency. Please Contact us if you have concerns or questions."
Fabian Wosar, the chief technology officer of New Zealand-headquartered Emsisoft, another outfit prominent in the fight against ransomware, responded to Kremez's tweet, saying: "Yeah, REvil has been using the Coveware articles as an advertisement for a while now."
A third poster, who uses the handle Ali on Insecurity, had a bit of fun, posting: "So which shot are you getting if they give you a choice? The Sodinokibi or the Ryuk or the Johnson & Johnson?"
His reference was to the COVID-19 vaccine made by Johnson & Johnson.