Security news aggregator

Latest coverage for REvil

Coverage of REvil, a ransomware operation, includes reported incidents, technical analysis, disruption efforts, and defensive guidance.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

REvil, also known as Sodinokibi, is a ransomware family and associated cybercriminal operation first reported in 2019. Its documented campaigns encrypted files and systems for extortion; in some cases, operators also claimed to steal data and threaten its release. REvil was widely described as using a ransomware-as-a-service model, with malware and infrastructure supplied to affiliates. Reporting under this tag may cover incident investigations, malware analysis, alleged victims, leak-site activity, law-enforcement disruption, and recovery tools.

For defenders, REvil reporting is relevant to vulnerability management, threat intelligence, and response planning. Organizations should prioritize patching internet-facing systems, enforcing multifactor authentication, restricting administrative privileges, segmenting critical networks, and maintaining isolated, tested backups. If REvil-related activity is suspected, preserve logs and affected systems for investigation, determine whether data was accessed or exfiltrated, and assess privacy or regulatory notification duties alongside containment and recovery.

Showing 1 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Russia Announces Arrest of Medibank Hacker Tied to REvil

3 Suspects Charged With Using Sugar Ransomware, Phishing Attacks Against RussiansRussian authorities have reportedly arrested three accused members of the SugarLocker ransomware-as-a-service operation. Their alleged crime? Targeting Russians, although one suspect has also been tied to a massive hack of Australian health insurer Medibank and subsequent data leak.