The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks Counter Threat Unit (CTU) analysis suggests that REvil is likely associated with the GandCrab ransomware due to similar code and the emergence of REvil as GandCrab activity declined. CTU researchers attribute GandCrab to the GOLD GARDEN threat group.
Incidents Caused by this Malware
- Sweden’s Largest Supermarket Chain Closes Stores in Ransomware Attack July 2, 2021:
- Attack Shuts Operations of Global Meat Provider May 30, 2021:
- March 25, 2021: REvil Ransomware Shut Down Multiple Plants at Asteelflash
- October 3, 2020: Personal Information stolen and extortion attempt to Brasken facility
- August 16, 2020: Brown-Forman Cyber Attack
- July 23, 2020: Personal Information stolen and extortion attempt to Adif Transportation