REvil/Sodinokibi Ransomware: Origin, Victims, Prevention Strategies

This post is also available in:

Danish

Cyberattacks have become a part of our reality, but have you ever wondered what might happen if your company gets targeted? You probably imagine that you would lose some money and a great deal of time, maybe fire an employee or too, lose a few clients and have your reputation tainted, or eventually even deal with a lawsuit. If these aren’t serious and bad enough for you to take cybersecurity seriously, let me tell you this: cyberattacks have also turned deadly.

What Is REvil Ransomware?

Discovered in April 2019, REvil/Sodinokibi ransomware (AKA Sodin) is a highly evasive and upgraded ransomware that encrypts files and deletes the ransom request message after infection. The message informs the victim that a bitcoin ransom must be paid and that if the ransom is not paid on time, the demand will double.

REvil is a perfect example of Ransomware-as-a-Service, a cybercrime that involves two groups teaming up for the hack: the code authors who develop the ransomware and the affiliates that spread it and collect the ransom. This aspect makes Sodinokibi ransomware dangerous for companies of all sizes. Also known as Sodin or REvil, Sodinokibi shortly became the 4th

Read More: https://heimdalsecurity.com/blog/sodinokibi-ransomware-101/