What is REvil ransomware?

HelpRansomware
2 min read · Dec 7, 2022


REvil ransomware is one of the latest types of ransomware that has recently gained ground.

This malware is distributed through phishing emails, malicious links, and other social engineering methods.

REvil first appeared in 2019 and continued spreading until early 2022.

It operates as Ransomware-as-a-Service (RaaS) and is also known as Sodinokibi.

When did the REvil ransomware start?

Considering that this ransomware first surfaced in April 2019, its criminal history is not particularly extensive.

And it has now been shut down.

Who are the REvil hackers?

It took a lot of work to determine who the REvil ransomware hackers were.

In November 2021, INTERPOL announced a joint operation involving 19 agencies in 17 countries in relation to this ransomware, among other crimes:

‘GoldDust has disrupted a ransomware cybercrime gang and arrested seven suspects. The operation established a global threat picture about attacks by ransomware families, particularly GandCrab and REvil Sodinokibi.’

Who is behind REvil?

All theories and evidence suggest that the group behind REvil ransomware is Russian.

Joe Biden said in a White House statement about the INTERPOL operation:

‘When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors.’

Where did REvil originate?

According to experts, REvil ransomware, also known as Sodinokibi, comes from Russia.

A study by the blockchain company Chainalysis reinforces this theory: 74% of ransomware revenue in 2021 went to strains affiliated with Russia.

The Unit 42 report indicates that REvil, or Sodinokibi, ransomware bears similarities to the GandCrab group:

‘In early 2019, the authors behind GandCrab announced that they were retiring as they had made enough money and done enough damage. However, around the same time, a new ransomware threat called REvil was emerging.’

https://helpransomware.com/en/ransomware-revil/
