Ransomware Group

Sodinokibi/REvil

Also known as: REvil, Sodin

Status: inactive • First seen 2019-04 • 5,000+ known victims

REvil was one of the most notorious ransomware gangs ever. By compromising a software company called Kaseya, they encrypted thousands of businesses around the world in a single attack.

Overview

Sodinokibi, also known as REvil, was one of the most prolific ransomware-as-a-service operations. The group conducted the largest supply chain ransomware attack through Kaseya VSA, affecting thousands of businesses.

Target Industries

Technology, Legal, Manufacturing, Food & Beverage

How They Attack

  • Supply chain attacks
  • RaaS model
  • Double extortion
  • Affiliate program

Notable Victims

Kaseya (2021), JBS Foods (2021), Acer (2021), Quanta Computer (2021)

How to Protect Against Sodinokibi/REvil

  1. Implement supply chain security controls
  2. Verify vendor security practices
  3. Monitor for legacy REvil indicators

MITRE ATT&CK Techniques

T1195.002 (Compromise Software Supply Chain), T1486 (Data Encrypted for Impact), T1567 (Exfiltration Over Web Service), T1078 (Valid Accounts)

Related Groups

REvil, DarkSide, BlackMatter

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required