The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing ransomware news, trends, and research from the previous month. Read the debut issue (July 2021) here.
Highlight of the month: REvil a.k.a. Sodinokibi
On September 16, our security researchers, in collaboration with a trusted law enforcement partner, released a universal decryptor to help victims of REvil ransomware recover their data. REvil is an example of a cybercrime group that prefers high-value targets because the potential payouts are massive. Attacks are well-planned and professionally executed, and the group is likely based in the Commonwealth of Independent States region, making it difficult for law enforcement to pursue and prosecute. With each paid ransom, they grow bigger and attack larger targets, further improving their methodology – and gaining more infamy. They claimed an annual revenue of $100 million USD.
On July 13, parts of REvil’s infrastructure went offline after their previous representative “UNKN” disappeared and was supposedly arrested. As criminal organizations like this have done in the past, security experts expected the group to re-emerge after some time, with a new name and improved tools.
Surprisingly, the group decided to return under the same name. REvil’s servers and supporting infrastructure recently came back online