REvil Ransomware | Everything you want to know

In this article we are going to see about the infamous REvil ransomware

REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019. The REvil group is also known sometimes by other names such as Sodin and Sodinokibi. It has emerged as one of the world’s most notorious ransomware operators. In just the past month, it extracted an $11 million payment from the world’s largest meatpacking company, demanded $5 million from a Brazilian medical diagnostics company, and launched a large-scale attack on dozens, perhaps hundreds, of companies that use IT management software from Kaseya VSA.

What is REvil Ransomware | Cybervie

REvil has gained a reputation for attempting to extort far larger payments from its corporate victims than that typically seen in other attacks. It is actively promoted underground cybercrime forums as the best choice for attacking business networks where there is more money to be made than infecting home users’ computers.

Aside from the many high-profile companies and organizations who have fallen foul of REvil, it is stealing data from the computers and networks of its victims before they are encrypted. This is a technique of applying additional pressure on victims which is becoming more and more commonplace.

REvil Ransomware | Cybervie

If the ransom isn’t paid in the provided time REvil threatens to release the stolen data by auctioning it on its own website “Happy Blog”.

The “Happy Blog” lists recent victims of REvil, attaching a sample of the stolen data as proof that information has been exfiltrated from an organization. The REvil gang even offers a “trial” decryption to prove to the victim that their files can be decrypted.

A countdown timer indicates when data leaks will be made public, applying more pressure to companies debating how they should respond.

REvil ransomware | Cybervie

Restoring Data

Although the firm could restore their data from a secure backup and can get the site up and running. But the catch here is that the criminals still have the company’s data. The data can be sold to someone on the dark web and could leak some sensitive information about the firm, and even if the hackers are unable to sell the data, still incalculable damage can be done to an organization’s brand and business relationships.


REvil is one of the most prominent providers of ransomware as a service (RaaS). This criminal group provides adaptable encryptors and decryptors, infrastructure and services for negotiation communications, and a leak site for publishing stolen data when victims don’t pay the ransom demand. For these services, REvil takes a percentage of the negotiated ransom price as their fee. Affiliates of REvil often use two approaches to persuade victims into paying up: They encrypt data so that organizations cannot access information, use critical computer systems or restore from backups, and they also steal data and threaten to post it on a leak site a tactic known as double extortion.

How does REvil ransomware infect one’s organization?

There are a variety of methods an attacker could use to plant the malware. These include exploiting a vulnerability to gain access to a computer on your company’s network, spear-phishing, or exploiting a third-party business partner.

In some cases, the attack may actually come from a client or partner who has already fallen victim to the hackers.

Paying ransom or not

This ultimately is a decision that only the firm can make. One needs to bear in mind that the more companies that pay a ransom, the more likely it is that criminals will launch similar attacks in the future. At the same time, firms may feel that their business needs to make the difficult but pragmatic decision to pay the criminals if it feels that there is no other way around. Informing law enforcement agencies about the incident and work with them to help them investigate who might be behind the attacks.

Either be it is a firm or an individual person, one should always keep one thing in mind: paying the ransom does not necessarily mean you have erased the security problems that allowed you to be infected in the first place. If you don’t find out what went wrong and why and fix it, then you could easily fall victim to further cybercrime attacks in the future.


  • The company should be making secure offsite backups.
  • Employees should be running up-to-date security solutions and ensuring that their computers are protected with the latest patches against newly-discovered vulnerabilities.
  • Hard-to-crack, unique passwords should be used to protect sensitive data and accounts as well as enabling multi-factor authentication.
  • The company should be encrypting your sensitive data wherever possible.
  • Educating and informing staff about risks and the methods used by cybercriminals to electronically infiltrate organizations.
Share the Post...

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

Cyber Security Training Program 2020

Cyber security Course offered by Cybervie prepares students for a path of success in a highly demanding and rapidly growing field of cyber security. The course is completely designed with an adaptable mindset, where the program allows the student to complete the course work at their own pace while being able to complete weekly assignments. Hence, also making it convenient for busy working professionals to pursue the training to help them advance their career in cyber security.

Cybervie has designed the training module based on the cyber security industry requirements in both offensive and defensive manner, using real time scenarios which help our students to understand the market standards.

Sign up for our Newsletter

Interested in Cyber Security Training Program 2020 – Click Here

Open chat
Hello 👋
How can we help you?