The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks Counter Threat Unit (CTU) analysis suggests that REvil is likely associated with the GandCrab ransomware due to similar code and the emergence of REvil as GandCrab activity declined. CTU researchers attribute GandCrab to the GOLD GARDEN threat group.


Incidents Caused by this Malware

  • July 2, 2021: Sweden’s Largest Supermarket Chain Closes Stores in Ransomware Attack
  • May 30, 2021: Attack Shuts Operations of Global Meat Provider
  • March 25, 2021: REvil Ransomware Shut Down Multiple Plants at Asteelflash
  • October 3, 2020: Personal Information stolen and extortion attempt to Brasken facility
  • August 16, 2020: Brown-Forman Cyber Attack
  • July 23, 2020: Personal Information stolen and extortion attempt to Adif Transportation

Threat Actors Known to use this Malware

No threat actors identified

Pin It on Pinterest

Scroll to Top
Scroll to Top