REvil Ransomware AKA Sodinokibi (RaaS)

REvil Ransomware (also known as Sodinokibi) is a sophisticated file-encrypting windows strain operated as RaaS (Ransomware as a Service). Since mid-April 2019, security researchers have been identifying persistent REvil Ransomware activity across different geographies.

At first, the malware propagated via vulnerabilities in Oracle WebLogic Server. Later, the malware started spreading through phishing and spam emails, RDP servers, and scan and exploit kits.

The ransomware is reportedly hitting organizations and demanding ransom in cryptocurrency to return the decryption key to unlock infected files. It is essential to know how the ransomware attacks and intrudes into information systems to encrypt critical data.

Read SISA’s security advisory to understand the history, background, and recent developments concerning REvil ransomware.

The advisory covers complete details about attack patterns, Indicators of Compromise (IoCs), and security measures to occlude REvil from intruding into information systems.

Get your copy now!

Advisory - REvil Ransomware

First Name *

Last Name *

Company Name *

Designation *

Work Email *

Contact No. *

Country *

SISA is a forensics-driven cybersecurity company that helps secure businesses with robust preventive, detective and corrective security services and solutions. SISA offers products and services for risk assessment, security compliance and validation, monitoring and threat hunting, as well as training for various payment security certifications.

Industry recognition by CREST, CERT-In and SWIFT serves as a testament to our skill, knowledge, and competence.

With 2,000+ clients spread across 40+ countries, we leverage our learnings to provide true security, fanatic support and real business value to our customers.