Репост из: Kompromat 2.0 in English REvil FAQ
Regarding REvil — we do not know anything about REvil that probably isnt already known.
1. «Who they are?» An alleged russian-based Threat Actor. Some rumor it to be a fork of Egregor/Maze?
2. «How many of them are there?», We do not know
3. «How do they work (choose targets for attack)?», We do not know. Some are probably the works of their affiliate program though.
4. «How are they connected to russian government/intelligence officials?», We do not know
Please expand on #3: what kind of affiliate program are they running?
They used to advertise fairly often on various forums, most notably https://t.co/GxRPAxCmYl. However, I believe they were banned from https://t.co/GxRPAxCmYl (or ransomware discussions in general were). They looked for ‘pentesters’. The summary is if someone breached a company and successfully executed their ransomware — REvil would negotiate with the company & give the affiliate a percentage of the ransom.