REvil

REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation that emerged around 2019–2020. In this model, core operators develop the ransomware strains while affiliates deploy payloads against victims, sharing proceeds. The group is widely linked to a Russian-speaking cybercrime ecosystem, though its exact members have not been publicly confirmed.

REvil conducted high-profile attacks across multiple sectors, including technology, manufacturing, and other industries worldwide. In July 2021, a supply-chain compromise through Kaseya’s VSA remote management software disrupted thousands of endpoints. In May 2021, the group attacked JBS, the world’s largest meat producer, with reports indicating a multi-million-dollar ransom, often cited around $11 million.

A hallmark of REvil was double extortion: criminals not only encrypted data but also exfiltrated it, threatening to publish stolen information on their dark web leak site if victims did not pay. They operated a negotiation process that sometimes offered decryptors and leniency in data leakage as part of ransom terms.

In October 2021, REvil’s public infrastructure went offline following perceived law enforcement pressure and international actions, and the group later claimed to have terminated operations. Since then, there have been occasional reports of affiliates rebranding or resurfacing under different banners, but no confirmed, stable revival of REvil as an organized operation.

Impact: REvil’s campaigns contributed to heightened ransomware awareness and spurred responses from incident responders, policymakers, and law enforcement worldwide, influencing subsequent strategies to deter and disrupt ransomware networks.