REvil, also known as Sodinokibi, is a Russia-based or Russian-speaking ransomware-as-a-service (RaaS) operation that emerged in early 2019. This financially motivated group quickly gained prominence for executing high-profile attacks and employing a ruthless dual extortion strategy where they not only encrypt victim data but also exfiltrate sensitive information, threatening to publish it on their 'Happy Blog' darknet site unless a ransom is paid. The group is widely believed to be an evolution of the defunct GandCrab ransomware operation due to significant code similarities and the timing of its emergence. A notable distinguishing characteristic of REvil is its policy of avoiding targets within Commonwealth of Independent States (CIS) countries, a geographic carve-out often hardcoded into its malware. REvil was responsible for several high-impact incidents, including attacks against major meat supplier JBS and the Kaseya software company.

Sectores atacados

URLs nuevas detectadas en IntelTracker