Tag: REvil

Q1 2022 Ransomware Roundup

As the new year has reached the end of its first quarter, it’s time for us to go back and take a look at all the most important ransomware-related events that happened during Q1 2022. The beginning of the year has shown that ransomware gangs have remained motivated—despite increased pressure from law enforcement—but we have […]

Ransomware Q4 Overview

2021 has finally come to an end and it is time for us to look back at some of the key ransomware-related stories and events that happened during Q4 2021. While most security professionals took advantage of the holiday season to rest and spend time with their families, the ransomware business remained highly active and […]

Making Sense of the REvil Arrests

On 14 January 2022, our seemingly quiet Friday afternoons were shattered by a piece of breaking news, detailing the arrest of several REvil (aka Sodinokibi) members. Ransomware members’ arrests are always welcomed – and even more so when they are followed by video evidence of the arrests (you gotta love them; shades of the Bourne […]

REvil Dead, And Other Spooky Security Tales

I can’t start off this blog with the R-word. You know the one. I’ve poked fun at it before because we say it so much. As an intel provider, we have to write the word a lot. Here’s a hint: It’s been a top news story for months and it’s been in a scene full […]

Ransomware Q3 Roll Up

We have reached the end of another quarter, and it is time again for us to have a look back at some of the key cyber events that happened during Q3 2021. The trend of ransomware being one of the most devastating threats to organizations has continued over the past three months. In this quarter, […]

REvil Domains Hijacked, Forum Representative Announces Group’s Intention to Go Offline

The ransomware group REvil (aka Sodinokibi) has been one of the most significant characters in the evolving ransomware drama that has been playing out over the past few years. The REvil ransomware variant was first detected in April 2019, and although the group initially focused on targeting Asia-based entities, the ransomware operators and associated affiliates […]

REvil: Analysis of Competing Hypotheses

Until the 13th of July, 2021, things appeared to be going as expected with the threat actors behind REvil (AKA Sodinokibi) ransomware. Then, suddenly, the fairly public group vanished. With them disappeared their notorious “Happy Blog,” payment page, and other infrastructure that supported their ransomware and extortion operations. That same day, their primary representative was […]

REvil Ransomware: What’s Next?

When ransomware hits the news cycle, and even the non-cyber security folk have questions, you know it’s gone big. This time it’s REvil again, and we can’t seem to escape it. The entire security community has been on fire over the last few days looking at what’s going on with REvil, along with any journalist […]