BlackCat Purveyor Shows Ransomware Operators Have Nine Lives
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.
Coverage of REvil, a ransomware operation, includes reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
REvil, also known as Sodinokibi, is a ransomware family and associated cybercriminal operation first reported in 2019. Its documented campaigns encrypted files and systems for extortion; in some cases, operators also claimed to steal data and threaten its release. REvil was widely described as using a ransomware-as-a-service model, with malware and infrastructure supplied to affiliates. Reporting under this tag may cover incident investigations, malware analysis, alleged victims, leak-site activity, law-enforcement disruption, and recovery tools.
For defenders, REvil reporting is relevant to vulnerability management, threat intelligence, and response planning. Organizations should prioritize patching internet-facing systems, enforcing multifactor authentication, restricting administrative privileges, segmenting critical networks, and maintaining isolated, tested backups. If REvil-related activity is suspected, preserve logs and affected systems for investigation, determine whether data was accessed or exfiltrated, and assess privacy or regulatory notification duties alongside containment and recovery.
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.