A Tough Week for REvil Ransomware

The REvil/Sodinokibi ransomware (also known as Sodin) is a textbook example of Ransomware-as-a-Service (RaaS), a model of cybercrime in which two parties split the work: the developers who write and maintain the ransomware, and the affiliates who break into victims, deploy it and collect the ransom.

In this ‘parent-affiliate’ business structure, the operators (the owners and/or creators of the malicious software) supply the malware, payment portal and negotiation infrastructure to affiliates (in effect, their customers), who carry out the attacks and hand over a share of each ransom.

REvil/Sodinokibi is a highly elusive ransomware that relies on a coercive pressure tactic: the affiliates who deploy it threaten to double the ransom if it is not paid within a specified number of days. This is why Sodinokibi represents a high risk for businesses of all sizes. Sodinokibi quickly rose to become the world’s fourth most widely circulated ransomware, mostly targeting American and European businesses.

REvil Affiliates Arrested in Romania

DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers searched four homes in Constanța, confiscating mobile devices (laptops, phones) and storage media.

The Bucharest Tribunal ordered 30 days of pre-trial detention for the two REvil affiliates.

According to Europol (the European Union Agency for Law Enforcement Cooperation), the arrests are the result of operation

Read More: https://heimdalsecurity.com/blog/a-tough-week-for-revil-ransomware/