REvil ransomware is malware that encrypts a victim's data and demands a ransom, like any other ransomware. The ransom is usually demanded in bitcoin and must be paid within a deadline; if it is not, the amount keeps rising.
Ransomware attacks have been evolving and growing in number in recent years. Since the WannaCry and Petya/NotPetya attacks of 2017, the IT industry has faced numerous ransomware campaigns with many variants.
REvil, also known as Sodinokibi, is widely believed to be the successor of the GandCrab ransomware. This has never been confirmed officially, but REvil appeared in 2019 around the time the GandCrab operators announced their retirement, and the two code bases share clear similarities, which adds to the suspicion. The name REvil is a play on Resident Evil and is read as "Ransom Evil"; the code was reworked from pre-existing software rather than written from scratch.
Unlike a lone operator, REvil worked with a network of affiliates, partners and fellow ransomware operators who developed and modified the code, negotiated with victim organizations, threatened and pressured victims, collected the ransom and delivered the decryptor.
These tasks were split across multiple actors working for REvil, and the ransom was shared among them automatically once payment was made. This division of labour made the REvil group efficient and dangerous to western organizations.
It is also speculated that REvil members ran a custom-built operating system, as hardened as a Linux server, to evade western efforts to identify members' locations and IP addresses. They also appear to be aware of the social engineering and undercover operations run by Europol, the FBI, CISA, the US Secret Service and other agencies using Russian-speaking operatives.
REvil became active in 2019 and is believed to be based in Russia. The attribution rests partly on targeting: the group has never hit Russian or former Soviet-bloc companies, and its malware checks the system language and exits on Russian and other CIS locales. REvil also appears to have cooperated with the DarkSide ransomware operators, a Russian-speaking group widely believed to have grown out of REvil's affiliate programme, and shares much of its modus operandi with them.
REvil works with affiliates who distribute the ransomware; the affiliates and the developers each take a share of every ransom paid by a victim.
REvil is offered as Ransomware-as-a-Service (RaaS): anyone accepted into the programme can buy access to the payload and use it to breach organizations and push further into their networks.
REvil's major victims include Quanta Computer, a supplier to Apple, from which the group stole schematics of unreleased Apple products.
Other targets included 2.4 GB of Lady Gaga's legal documents (taken from the law firm Grubman Shire Meiselas & Sacks), Acer, Invenergy, and Kaseya VSA together with the MSP customers downstream of it. The group's activity ran from 2019 until January 2022, when Russian law enforcement arrested members of the group inside Russia.
A REvil intrusion often begins with a phishing or spear-phishing campaign, but the group also relies on brute-forced RDP access and exploitation of internet-facing software, as in the Kaseya VSA incident. The initial foothold is used to drop further payloads and move deeper into the network. Sometimes the motive is plain encryption; often it is double extortion, where data is exfiltrated before it is encrypted so that the victim can also be threatened with publication.
In rare cases there is triple extortion, where the actors demand ransom not only from the victim but also from the victim's clients or users, on top of the data theft.
In its own telling, REvil's edge over other ransomware is its use of elliptic-curve cryptography and the absence of a "triple scheme". The group also claims to keep a dialogue open with fellow threat actors so that the same victim is not hit twice.
In REvil's interview with Cyble, the representative said the group has fewer than 10 developers and more than 10 people pen-testing each updated release.
REvil claimed profits of $100 million as of July 2021, well over a billion rubles. The representative also stated that they had breached a network in under three minutes using a single vulnerability.
Credential brute forcing against exposed RDP services has been the most effective attack vector REvil has used in recent times to breach a network and its devices.
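As an added example of the detection a defender would want against the RDP brute forcing described above (this is not code from the article or from REvil), the Python below parses a constructed export of Windows Security events (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), flags any source IP that produces at least five failed RDP logons inside a five-minute sliding window, and records a later successful RDP logon from the same IP as a probable compromise. The flattened key=value log format, the IPs and the thresholds are assumptions for the example.

```python
"""Flag RDP password guessing from Windows Security log events (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (not real log data): one event per line, in the
# flattened key=value shape a SIEM might emit. 203.0.113.7 sprays five accounts
# in 30 seconds and then logs in; 192.0.2.9 fails once every ten minutes.
SAMPLE_EVENTS = """\
2022-01-10T03:00:01 EventID=4625 LogonType=10 User=administrator SrcIP=203.0.113.7
2022-01-10T03:00:04 EventID=4625 LogonType=10 User=admin SrcIP=203.0.113.7
2022-01-10T03:00:09 EventID=4625 LogonType=10 User=backup SrcIP=203.0.113.7
2022-01-10T03:00:15 EventID=4625 LogonType=3 User=svc_sql SrcIP=198.51.100.23
2022-01-10T03:00:20 EventID=4625 LogonType=10 User=jsmith SrcIP=203.0.113.7
2022-01-10T03:00:31 EventID=4625 LogonType=10 User=administrator SrcIP=203.0.113.7
2022-01-10T03:01:02 EventID=4625 LogonType=10 User=jsmith SrcIP=198.51.100.23
2022-01-10T03:02:40 EventID=4624 LogonType=10 User=jsmith SrcIP=203.0.113.7
2022-01-10T03:10:00 EventID=4625 LogonType=10 User=bob SrcIP=192.0.2.9
2022-01-10T03:20:00 EventID=4625 LogonType=10 User=bob SrcIP=192.0.2.9
2022-01-10T03:30:00 EventID=4625 LogonType=10 User=bob SrcIP=192.0.2.9
2022-01-10T03:40:00 EventID=4625 LogonType=10 User=bob SrcIP=192.0.2.9
2022-01-10T03:50:00 EventID=4625 LogonType=10 User=bob SrcIP=192.0.2.9
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event_id>\d+) LogonType=(?P<logon_type>\d+) "
    r"User=(?P<user>\S+) SrcIP=(?P<src_ip>\S+)$"
)

FAILED_LOGON = 4625      # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624     # Windows Security: an account was successfully logged on
RDP_LOGON_TYPE = 10      # RemoteInteractive (Terminal Services / RDP)


def parse_event(line):
    """Parse one assumed key=value log line; return None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "event_id": int(m["event_id"]),
        "logon_type": int(m["logon_type"]),
        "user": m["user"],
        "src_ip": m["src_ip"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window_minutes=5):
    """Return one finding per source IP that produced >= threshold failed RDP logons
    inside any window of window_minutes. A later successful RDP logon from a
    flagged IP is recorded in 'success_after_bruteforce' as the account used."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # src_ip -> timestamps of failures still inside the window
    findings = {}                 # src_ip -> finding (insertion order = detection order)
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["logon_type"] != RDP_LOGON_TYPE:
            continue              # skip unparsable lines and non-RDP logons (type 3 above)
        ip = ev["src_ip"]
        if ev["event_id"] == FAILED_LOGON:
            q = recent[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()       # slide the window: drop failures older than window
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {
                    "src_ip": ip,
                    "first_seen": q[0],
                    "flagged_at": ev["ts"],
                    "failures_in_window": len(q),
                    "success_after_bruteforce": None,
                }
        elif ev["event_id"] == SUCCESS_LOGON and ip in findings:
            # A successful RDP logon after a flagged burst is the high-priority signal.
            findings[ip]["success_after_bruteforce"] = ev["user"]
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

With the defaults only 203.0.113.7 is reported, and the 4624 from that address for `jsmith` turns the alert from "someone is guessing" into "someone is in". The slow spray from 192.0.2.9 stays under the five-minute window on purpose: widening the window (for example `window_minutes=60`) catches it, at the cost of more noise from users who genuinely mistype their password, which is the tuning decision a real deployment has to make.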
Russia moved against the group after repeated requests from the Biden administration to the Kremlin. The FSB carried out the arrests after raiding 25 addresses across several Russian regions.
Fourteen members of the REvil group were detained, and the FSB reported seizing 426 million rubles (around $5.5 million) in rubles, euros, dollars and cryptocurrency, along with 20 premium cars.