REvil (aka Sodinokibi) is a ransomware family that has been targeting numerous organizations and wreaking havoc. It was first identified in early-2019 and used by the GOLD SOUTHFIELD threat group. The ransomware can spread via exploit kits, RDP servers, backdoored software installers, and scan-and-exploit methods.
The cyber devil
In the last two months, ransomware has targeted multiple sectors including IT, government, healthcare, real estate, energy and power, manufacturing, and financial services.
- REvil has targeted several organizations such as the Grande do Sul court system, Milanese, Quanta, Pierre Fabre, Asteelflash electronics, and Acer.
- A large number of the attacks were observed in North America targeting the U.S.-based organizations, while other regions including Africa, France, Italy, and Mexico were impacted.
- The group is employing the infamous double extortion technique where it threatens to leak sensitive information of victim organizations to put additional pressure.
- In addition, the ransomware group is known for its big ransom demands. It recently demanded a whopping 50 million USD ransom from the IT giant Apple.
Recent updates to the ransomware
REvil operators keep updating their tactics to make the ransomware more efficient and effective.
- Ransomware was updated to enable it to change the login password, which allows its operators to automate file encryption using safe mode.
- A month ago, a new sample was found, in which operators had refined its new Safe Mode encryption method.
Final Thoughts
With its smart hacking tactics and techniques, REvil seems to be an unstoppable threat. The actors behind this ransomware keep updating it to make it more efficient. Thus, organizations should proactively apply adequate security measures to stay protected.
