One of the Deadliest Out There: REvil Ransomware
If you’re wondering who REvil is and why it is a big name in the world of cybersecurity, this edition of our Newsletter is for you!
REvil Ransomware, also known as Sodinokibi, has been notorious for its high-profile attacks since its discovery in 2019. It was one of the most active ransomware groups in 2021. This ransomware gained the attention of law enforcement agencies after severe attacks targeting critical industries such as Manufacturing, Legal, Finance, Insurance, Healthcare, and Transportation, causing supply shortages and business disruption.
REvil Ransomware is an example of Ransomware as a Service (RaaS) that originated from a Russian underground forum. REvil incorporated the double extortion technique into its schemes in 2020, leveraging stolen files to pressure its victims into paying. Its operatives launched audacious operations against well-known individuals and institutions. It is noteworthy that REvil has a track record of carrying out its threats to expose stolen data on its dedicated leak site. Additionally, it has also published critical data on underground blogs and forums.
On July 02, 2021, the REvil Ransomware group posted a message on their leak site on the dark web, claiming that they had compromised Kaseya, a managed service provider (MSP). Kaseya, a complete IT solution management company, released a public media notice stating that their product VSA, a remote monitoring and management tool, was under attack. To know more, watch Dhanalakshmi PK, Cyble's Senior Director - Malware and Intelligence Research, analyze the Kaseya VSA supply chain attack and dissect the REvil Ransomware through sandbox execution.
To know more, check out our blog wherein Cyble dissects the Kaseya VSA Supply Chain Attack by REvil Ransomware.
Not only was REvil widely distributed and highly active, but it also had a high success rate. Like other RaaS offerings, this malware has been adapted to target different victims and delivered as a payload.
Whether REvil's attacks have completely subsided is still uncertain. However, in January 2022 several key members of this notorious ransomware group were detained. As per our research, REvil has not shown any activity since November 2022, and their leak site has remained unreachable since January 2023.
Additional Reading: Uncensored Interview with REvil / Sodinokibi Ransomware Operators
For bespoke ransomware insights, get your hands on our latest Q4 2022 Ransomware Report, which shows a 10% growth in ransomware attacks compared to the previous quarter and also outlines how ransomware activities and operations evolved over Q4 2022.
Cyble Research and Intelligence Labs (CRIL) continues to provide interesting facts, updates, and insights about ransomware groups.
SUBSCRIBE to our Blog to stay abreast of the latest happenings in cybercrime.
If you're looking for niche cybersecurity insights, SUBSCRIBE to our Cybersecurity Journal today!