THREAT ACTOR: REvil
REvil (Ransomware Evil, also known as Sodinokibi) is a private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on its page, 'Happy Blog', unless the ransom was received.
Incidents Associated with this Threat
- July 2, 2021: Supply Chain Attack Guidance Released
- July 2, 2021: Sweden’s Largest Supermarket Chain Closes Stores in Ransomware Attack
- January 21, 2020: German Automotive Parts Manufacturer Hit by Sodinokibi/REvil Ransomware Group
Malware Used by this Threat Actor
No malware identified for this threat actor.