REvil Ransomware (also known as Sodinokibi) is a sophisticated file-encrypting windows strain operated as RaaS (Ransomware as a Service). Since mid-April 2019, security researchers have been identifying persistent REvil Ransomware activity across different geographies.
At first, the malware propagated via vulnerabilities in Oracle WebLogic Server. Later, the malware started spreading through phishing and spam emails, RDP servers, and scan and exploit kits.
The ransomware is reportedly hitting organizations and demanding ransom in cryptocurrency to return the decryption key to unlock infected files. It is essential to know how the ransomware attacks and intrudes into information systems to encrypt critical data.
Read SISA’s security advisory to understand the history, background, and recent developments concerning REvil ransomware.
The advisory covers complete details about attack patterns, Indicators of Compromise (IoCs), and security measures to occlude REvil from intruding into information systems.