REvil Ransomware AKA Sodinokibi (RaaS)

REvil Ransomware (also known as Sodinokibi) is a sophisticated file-encrypting windows strain operated as RaaS (Ransomware as a Service). Since mid-April 2019, security researchers have been identifying persistent REvil Ransomware activity across different geographies.

At first, the malware propagated via vulnerabilities in Oracle WebLogic Server. Later, the malware started spreading through phishing and spam emails, RDP servers, and scan and exploit kits.

The ransomware is reportedly hitting organizations and demanding ransom in cryptocurrency to return the decryption key to unlock infected files. It is essential to know how the ransomware attacks and intrudes into information systems to encrypt critical data.

Read SISA’s security advisory to understand the history, background, and recent developments concerning REvil ransomware.

The advisory covers complete details about attack patterns, Indicators of Compromise (IoCs), and security measures to occlude REvil from intruding into information systems.

Get your copy now!

Advisory - REvil Ransomware

First Name *

Last Name *

Company Name *

Designation *

Work Email *

Contact No. *

Country *

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive, detective, and corrective cybersecurity solutions. Our problem-first, human-centric approach helps businesses strengthen their cybersecurity posture.

Industry recognition by CREST, CERT-In and PCI SSC serves as a testament to our skill, knowledge, and competence.

We apply the power of forensic intelligence and advanced technology to offer true security to 2,000+ customers in 40+ countries.