German authorities identify REvil and GandCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
Coverage of REvil, a ransomware operation, includes reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
REvil, also known as Sodinokibi, is a ransomware family and associated cybercriminal operation first reported in 2019. Its documented campaigns encrypted files and systems for extortion; in some cases, operators also claimed to steal data and threaten its release. REvil was widely described as using a ransomware-as-a-service model, with malware and infrastructure supplied to affiliates. Reporting under this tag may cover incident investigations, malware analysis, alleged victims, leak-site activity, law-enforcement disruption, and recovery tools.
For defenders, REvil reporting is relevant to vulnerability management, threat intelligence, and response planning. Organizations should prioritize patching internet-facing systems, enforcing multifactor authentication, restricting administrative privileges, segmenting critical networks, and maintaining isolated, tested backups. If REvil-related activity is suspected, preserve logs and affected systems for investigation, determine whether data was accessed or exfiltrated, and assess privacy or regulatory notification duties alongside containment and recovery.
Weekly headline count for the current query.
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. [...]
Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. [...]
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. [...]
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited. [...]
Cybersecurity researchers did not disappoint, with reports linking RansomCartel to REvil, on OldGremlin hackers targeting Russia with ransomware, a new data exfiltration tool used by BlackByte, a warning that ransomware actors are exploiting VMware vulnerabilities, and finally, our own report on the Venus Ransomware. [...]
Threat analysts have connected the pieces that link the Ransom Cartel RaaS (ransomware-as-a-service) to the REvil gang, one of the most notorious and prolific ransomware groups in recent years. [...]
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. [...]
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. [...]
REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have started since at least mid-December last year. [...]
The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack. [...]