Ransomware
REvil/Sodinokibi
First seen: 2019-04 • Status: disrupted
Disrupted by Law Enforcement
REvil was a large ransomware gang that attacked thousands of companies through Kaseya. Russia arrested members in 2022 after US pressure.
Overview
REvil was one of the most notorious ransomware groups, responsible for the Kaseya attack. Russian authorities arrested members in 2022.
Also Known As
REvil, Sodinokibi
How It Spreads
- Supply chain attacks
- RDP exploitation
- Affiliates
What It Does
- File encryption
- Data theft
- High ransom demands
Target Platforms
Windows
Detection Tips
- Historical threat: watch for rebrands
MITRE ATT&CK Techniques
T1486, T1567, T1195
If You're Infected
1. Check for released decryptors