Security news aggregator

Latest coverage for REvil

Coverage of REvil, a ransomware operation, includes reported incidents, technical analysis, disruption efforts, and defensive guidance.

62 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

REvil, also known as Sodinokibi, is a ransomware family and associated cybercriminal operation first reported in 2019. Its documented campaigns encrypted files and systems for extortion; in some cases, operators also claimed to steal data and threaten its release. REvil was widely described as using a ransomware-as-a-service model, with malware and infrastructure supplied to affiliates. Reporting under this tag may cover incident investigations, malware analysis, alleged victims, leak-site activity, law-enforcement disruption, and recovery tools.

For defenders, REvil reporting is relevant to vulnerability management, threat intelligence, and response planning. Organizations should prioritize patching internet-facing systems, enforcing multifactor authentication, restricting administrative privileges, segmenting critical networks, and maintaining isolated, tested backups. If REvil-related activity is suspected, preserve logs and affected systems for investigation, determine whether data was accessed or exfiltrated, and assess privacy or regulatory notification duties alongside containment and recovery.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 62
Bank Info Security 3 months, 1 week ago

Breach Roundup: German Police Expose REvil, GandCrab Boss

Also, Medusa Ransomware, Grafana Flaw, German Political Party BreachThis week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party.

An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

Bank Info Security 1 year, 8 months ago

Breach Roundup: S&P Says Poor Remediation A Material Risk

Also: Breaches at OnePoint Patient Care and French ISP FreeThis week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.

Bank Info Security 2 years, 2 months ago

Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence

Also: Another Ivanti Zero-Day? And FBI Calls for Strengthening DMARC PoliciesThis week, REvil hacker sentenced; ZDI saw possible Ivanti-zero-day; FBI said to strengthen DMARC policies; Okta saw surge in credential stuffing attacks; French hospital refused to pay ransom; JPMorgan, debt collection agency and healthcare company were breached; and ex-NSA employee was sentenced.

Bank Info Security 2 years, 4 months ago

Russia Announces Arrest of Medibank Hacker Tied to REvil

3 Suspects Charged With Using Sugar Ransomware, Phishing Attacks Against RussiansRussian authorities have reportedly arrested three accused members of the SugarLocker ransomware-as-a-service operation. Their alleged crime? Targeting Russians, although one suspect has also been tied to a massive hack of Australian health insurer Medibank and subsequent data leak.

Loading more headlines...