MALWARE: REvil

The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab ransomware due to similar code and the emergence of REvil as GandCrab activity declined. CTU™ researchers attribute GandCrab to the GOLD GARDEN threat group.

Incidents Caused by this Malware

  • May 30, 2021: Attack shuts operations of global meat provider
  • October 3, 2020: Personal information stolen and extortion attempt against Braskem facility
  • August 16, 2020: Brown-Forman cyber attack
  • July 23, 2020: Personal information stolen and extortion attempt against Adif Transportation

Threat Actors Known to use this Malware

No threat actors identified
