win.revil (Back to overview)


aka: Sodinokibi, Sodin

Actor(s): Pinchy Spider


REvil Beta
MD5: bed6fc04aeb785815744706239a1f243
SHA1: 3d0649b5f76dbbff9f86b926afbd18ae028946bf
SHA256: 3641b09bf6eae22579d4fd5aae420476a134f5948966944189a70afd8032cb45
* Privilege escalation via CVE-2018-8453 (64-bit only)
* Rerun with RunAs to elevate privileges
* Implements a requirement that if "exp" is set, privilege escalation must be successful for full execution to occur
* Implements target whitelisting using GetKetboardLayoutList
* Contains debug console logging functionality
* Defines the REvil registry root key as SOFTWARE\!test
* Includes two variable placeholders in the ransom note: UID & KEY
* Terminates processes specified in the "prc" configuration key prior to encryption
* Deletes shadow copies and disables recovery
* Wipes contents of folders specified in the "wfld" configuration key prior to encryption
* Encrypts all non-whitelisted files on fixed drives
* Encrypts all non-whitelisted files on network mapped drives if it is running with System-level privileges or can impersonate the security context of explorer.exe
* Partially implements a background image setting to display a basic "Image text" message
* Sends encrypted system data to a C2 domain via an HTTPS POST request (URI path building is not implemented.)
REvil 1.00
MD5: 65aa793c000762174b2f86077bdafaea
SHA1: 95a21e764ad0c98ea3d034d293aee5511e7c8457
SHA256: f0c60f62ef9ffc044d0b4aeb8cc26b971236f24a2611cb1be09ff4845c3841bc
* Adds 32-bit implementation of CVE-2018-8453 exploit
* Removes console debug logging
* Changes the REvil registry root key to SOFTWARE\recfg
* Removes the System/Impersonation success requirement for encrypting network mapped drives
* Adds a "wipe" key to the configuration for optional folder wiping
* Fully implements the background image setting and leverages values defined in the "img" configuration key
* Adds an EXT variable placeholder to the ransom note to support UID, KEY, and EXT
* Implements URI path building so encrypted system data is sent to a C2 pseudo-random URL
* Fixes the function that returns the victim's username so the correct value is placed in the stats JSON data
REvil 1.01
MD5: 2abff29b4d87f30f011874b6e98959e9
SHA1: 9d1b61b1cba411ee6d4664ba2561fa59cdb0732c
SHA256: a88e2857a2f3922b44247316642f08ba8665185297e3cd958bbd22a83f380feb
* Removes the exp/privilege escalation requirement for full execution and encrypts data regardless of privilege level
* Makes encryption of network mapped drives optional by adding the "-nolan" argument
REvil 1.02
MD5: 4af953b20f3a1f165e7cf31d6156c035
SHA1: b859de5ffcb90e4ca8e304d81a4f81e8785bb299
SHA256: 89d80016ff4c6600e8dd8cfad1fa6912af4d21c5457b4e9866d1796939b48dc4
* Enhances whitelisting validation by adding inspection of GetUserDefaultUILanguage and GetSystemDefaultUILanguage
* Partially implements "lock file" logic by generating a lock filename based on the first four bytes of the Base64-decoded pk key, appending a .lock file extension, and adding the filename to the list of whitelisted files in the REvil configuration (It does not appear that this value is referenced after it is created and stored in memory. There is no evidence that a lock file is dropped to disk.)
* Enhances folder whitelisting logic that take special considerations if the folder is associated with "program files" directories
* Hard-codes whitelisting of all direct content within the Program Files or Program Files x86 directories
* Hard-codes whitelisting of "sql" subfolders within program files
* Encrypts program files sub-folders that does not contain "sql" in the path
* Compares other folders to the list of whitelisted folders specified in the REvil configuration to determine if they are whitelisted
* Encodes stored strings used for URI building within the binary and decodes them in memory right before use
* Introduces a REvil registry root key "sub_key" registry value containing the attacker's public key
REvil 1.03
MD5: 3cae02306a95564b1fff4ea45a7dfc00
SHA1: 0ce2cae5287a64138d273007b34933362901783d
SHA256: 78fa32f179224c46ae81252c841e75ee4e80b57e6b026d0a05bb07d34ec37bbf
* Removes lock file logic that was partially implemented in 1.02
* Leverages WMI to continuously monitor for and kill newly launched processes whose names are listed in the prc configuration key (Previous versions performed this action once.)
* Encodes stored shellcode
* Adds the -path argument:
* Does not wipe folders (even if wipe == true)
* Does not set desktop background
* Does not contact the C2 server (even if net == true)
* Encrypts files in the specified folder and drops the ransom note
* Changes the REvil registry root key to SOFTWARE\QtProject\OrganizationDefaults
* Changes registry key values from --> to:
* sub_key --> pvg
* pk_key --> sxsP
* sk_key --> BDDC8
* 0_key --> f7gVD7
* rnd_ext --> Xu7Nnkd
* stat --> sMMnxpgk
REvil 1.04
MD5: 6e3efb83299d800edf1624ecbc0665e7
SHA1: 0bd22f204c5373f1a22d9a02c59f69f354a2cc0d
SHA256: 2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6
* Leverages PowerShell and WMI to delete shadow copies if the victim's operating system is newer than Windows XP (For Windows XP or older, it uses the original command that was executed in all previous REvil versions.)
* Removes the folder wipe capability
* Changes the REvil registry root key to SOFTWARE\GitForWindows
* Changes registry key values from --> to:
* pvg --> QPM
* sxsP --> cMtS
* BDDC8 --> WGg7j
* f7gVD7 --> zbhs8h
* Xu7Nnkd --> H85TP10
* sMMnxpgk --> GCZg2PXD
REvil v1.05
MD5: cfefcc2edc5c54c74b76e7d1d29e69b2
SHA1: 7423c57db390def08154b77e2b5e043d92d320c7
SHA256: e430479d1ca03a1bc5414e28f6cdbb301939c4c95547492cdbe27b0a123344ea
* Add new 'arn' configuration key that contains a boolean true/false value that controls whether or not to implement persistence.
* Implements persistence functionality via registry Run key. Data for value is set to the full path and filename of the currently running executable. The executable is never moved into any 'working directory' such as %AppData% or %TEMP% as part of the persistence setup. The Reg Value used is the hardcoded value of 'lNOWZyAWVv' :
* SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lNOWZyAWVv
* Before exiting, REvil sets up its malicious executable to be deleted upon reboot by issuing a call to MoveFileExW and setting the destination to NULL and the flags to 4 (MOVEFILE_DELAY_UNTIL_REBOOT). This breaks persistence however as the target executable specified in the Run key will no longer exist once this is done.
* Changes registry key values from --> to:
* QPM --> tgE
* cMtS --> 8K09
* WGg7j --> xMtNc
* zbhs8h --> CTgE4a
* H85TP10 --> oE5bZg0
* GCZg2PXD --> DC408Qp4
REvil v1.06
MD5: 65ff37973426c09b9ff95f354e62959e
SHA1: b53bc09cfbd292af7b3609734a99d101bd24d77e
SHA256: 0e37d9d0a7441a98119eb1361a0605042c4db0e8369b54ba26e6ba08d9b62f1e
* Updated string decoding function to break existing yara rules. Likely the result of the blog posted by us.
* Modified handling of network file encryption. Now explicitly passes every possible "Scope" constant to the WNetOpenEnum function when looking for files to encrypt. It also changed the 'Resource Type" from RESOURCETYPE_DISK to RESOURCETYPE_ANY which will now include things like mapped printers.
* Persistence registry value changed from 'lNOWZyAWVv' to 'sNpEShi30R'
* Changes registry key values from --> to:
* tgE --> 73g
* 8K09 --> vTGj
* xMtNc --> Q7PZe
* CTgE4a --> BuCrIp
* oE5bZg0 --> lcZd7OY
* DC408Qp4 --> sLF86MWC
REvil v1.07
MD5: ea4cae3d6d8150215a4d90593a4c30f2
SHA1: 8dcbcbefaedf5675b170af3fd44db93ad864894e
SHA256: 6a2bd52a5d68a7250d1de481dcce91a32f54824c1c540f0a040d05f757220cd3

M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
Extortion Economics - Ransomware’s new business model
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-07-27Trend MicroBuddy Tancio, Jed Valderama
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Cobalt Strike GootKit Kronos REvil SunCrypt
2022-06-13SecurityScorecardVlad Pasca
A Detailed Analysis Of The Last Version Of REvil Ransomware (Download PDF)
2022-05-09SecureworksCounter Threat Unit ResearchTeam
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-01Bleeping ComputerLawrence Abrams
REvil ransomware returns: New malware sample confirms gang is back
2022-05-01Github (k-vitali)Vitali Kremez
REvil Reborn Ransom Config
2022-04-20Bleeping ComputerIonut Ilascu
REvil's TOR sites come alive to redirect to new ransomware operation
2022-04-12ConnectWiseConnectWise CRU
Threat Profile: REvil
2022-04-04Bankinfo SecurityJeremy Kirk
The Ransomware Files, Episode 6: Kaseya and REvil
2022-03-24United States SenateU.S. Senate Committee on Homeland Security & Governmental Affairs
America's Data Held Hostage: Case Studies in Ransomware Attacks on American Companies
2022-03-24United States SenateU.S. Senate Committee on Homeland Security & Governmental Affairs
New Portman Report Demonstrates Threat Ransomware Presents to the United States
2022-03-23splunkShannon Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-17SophosTilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-17Trend MicroTrend Micro Research
Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report
REvil BazarBackdoor Buer IcedID QakBot REvil
2022-03-16Red CanaryBrian Donohue, Laura Brosnan
Uncompromised: When REvil comes knocking
2022-03-09Department of JusticeOffice of Public Affairs
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas
2022-02-23splunkShannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-02-14DarktraceOakley Cox
Staying ahead of REvil’s Ransomware-as-a-Service business model
REvil REvil
2022-01-27ANALYST1Jon DiMaggio
A History of Revil
REvil REvil
2022-01-19BlackberryThe BlackBerry Research & Intelligence Team
Kraken the Code on Prometheus
Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk
2022-01-14Advanced IntelligenceYelisey Boguslavskiy
Storm in "Safe Haven": Takeaways from Russian Authorities Takedown of REvil
REvil REvil
Unlawful Activities of Members of an Organized Criminal Community were suppressed
REvil REvil
2021-12-20Trend MicroTrend Micro Research
Ransomware Spotlight: REvil
REvil REvil
2021-11-17BBCJoe Tidy
Evil Corp: 'My hunt for the world's most wanted hackers'
REvil REvil
2021-11-16Trend MicroTrend Micro
Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels
REvil Clop Gandcrab REvil
2021-11-16IronNetIronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-10BlackberryCodi Starks, Ryan Chapman
REvil Under the Microscope
GootKit REvil
2021-11-10RT on the RussianAleksey Polyakov, Alena Goinskaya, Ekaterina Suslova, Elizaveta Koroleva
"He does not get in touch": what is known about Barnaul, wanted by the FBI on charges of cybercrime
REvil REvil
Five Affiliates to Sodinokibi/REvil Unplugged
2021-11-08DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)DIICOT (Romanian Directorate for Investigating Organized Crime and Terrorism)
Press release 2 08.11.2021
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange (Yaroslav Vasinskyi & Yevgeniy Polyanin)
REvil REvil
2021-11-08U.S. Department of the TreasuryU.S. Department of the Treasury
Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
Indictment of Yevgeniy Polyanin, one off the REvil affliates
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
Ukrainian Arrested and Charged with Ransomware Attack on Kaseya
REvil REvil
WANTED poster for Yevhgyeniy Polyanin (REvil affiliate)
REvil REvil
2021-11-08The RecordCatalin Cimpanu
US arrests and charges Ukrainian man for Kaseya ransomware attack
REvil REvil
2021-11-08KrebsOnSecurityBrian Krebs
REvil Ransom Arrest, $6M Seizure, and $10M Reward
REvil REvil
2021-11-08Department of JusticeDepartment of Justice
Indictment of Yaroslav Vasinskyi (REvil affiliate)
REvil REvil
Identification of a new cybercriminal group: Lockean
DoppelPaymer Egregor Maze PwndLocker REvil
2021-10-28BR.DEHakan Tanriverdi, Maximilian Zierer
Mutmaßlicher Ransomware-Millionär identifiziert
REvil REvil
Identification of a new cyber criminal group: Lockean
Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil
2021-10-25KELAVictoria Kivilevich
Will the REvil Story Finally be Over?
REvil REvil
2021-10-22ReutersChristopher Bing, Joseph Menn
EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline
REvil REvil
“Page Not Found”: REvil Darknet Services Offline After Attack Last Weekend
REvil REvil
2021-10-22HUNT & HACKETTKrijn de Mik
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox
Conti DarkSide Dharma Egregor Hades REvil Ryuk
REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’
REvil REvil
2021-10-17Bleeping ComputerLawrence Abrams
REvil ransomware shuts down again after Tor sites were hijacked
REvil REvil
2021-10-12CrowdStrikeCrowdStrike Intelligence Team
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil
2021-10-11AccentureAccenture Cyber Threat Intelligence
Moving Left of the Ransomware Boom
REvil Cobalt Strike MimiKatz RagnarLocker REvil
2021-10-05Trend MicroByron Gelera, Fyodor Yarochkin, Janus Agcaoili, Nikko Tamana
Ransomware as a Service: Enabler of Widespread Attacks
Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor
REvil REvil
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
2021-09-23Bleeping ComputerIonut Ilascu
REVil ransomware devs added a backdoor to cheat affiliates
2021-09-22SecureworksCounter Threat Unit ResearchTeam
REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released
REvil REvil
2021-09-21Washington PostEllen Nakashima, Rachel Lerman
FBI held back ransomware decryption key from businesses to run operation targeting hackers
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-09-07Bleeping ComputerLawrence Abrams
REvil ransomware's servers mysteriously come back online
2021-09-03IBMAndrew Gorecki, Camille Singleton, John Dwyer
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-08-30CrowdStrikeEric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 1
Bateleur Griffon Carbanak DarkSide JSSLoader PILLOWMINT REvil
2021-08-25GoggleHeadedHacker BlogJacob Pimental
Reverse Engineering Crypto Functions: RC4 and Salsa20
See REvil again?! See how hackers use the same encryption ransomware program REvil to annihilate the attack evidence
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-08-11BleepingComputerLawrence Abrams
Kaseya's universal REvil decryption key leaked on a hacking forum
REvil Master Key for Kaseya Attack Posted to XSS
2021-08-05KrebsOnSecurityBrian Krebs
Ransomware Gangs and the Name Game Distraction
DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet
2021-08-04Trend MicroJanus Agcaoili, Jessie Prevost, Joelson Soares, Ryan Maglaque
Supply Chain Attacks from a Managed Detection and Response Perspective
2021-08-02The RecordDmitry Smilyanets
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil
DarkSide LockBit REvil
2021-07-31Bleeping ComputerLawrence Abrams
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
DarkSide REvil
2021-07-28Digital ShadowsPhoton Research Team
REvil: Analysis of Competing Hypotheses
REvil REvil
2021-07-27Recorded FutureInsikt Group®
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
DarkSide LockBit REvil
2021-07-27Youtube (SANS Institute)John Hammond, Katie Nickels
SANS Threat Analysis Rundown - Kaseya VSA attack
Chatter Indicates BlackMatter as REvil Successor
2021-07-27Twitter (@fwosar)Fabian Wosar
Tweet on new REvil variant
2021-07-25Youtube (AhmedS Kasmani)AhmedS Kasmani
Analysis of Malware from Kaseya/Revil Supply Chain attack.
2021-07-22Bleeping ComputerLawrence Abrams
Kaseya obtains universal decryptor for REvil ransomware victims
2021-07-20Huntress LabsJohn Hammond
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil Revealed - Tracking a Ransomware Negotiation and Payment
REvil REvil
2021-07-15YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
Fast API resolving of REvil Ransomware related to Kaseya attack
2021-07-14Advanced IntelligenceAdvIntel Security & Development Team, Yelisey Boguslavskiy
REvil Vanishes From Underground - Infrastructure Down
2021-07-13Bleeping ComputerLawrence Abrams
REvil ransomware gang's web sites mysteriously shut down
2021-07-13Threat PostLisa Vaas
Ransomware Giant REvil’s Sites Disappear
REvil REvil
2021-07-09The RecordCatalin Cimpanu
Ransomwhere project wants to create a database of past ransomware payments
Egregor Mailto Maze REvil
2021-07-09Twitter (@SophosLabs)SophosLabs
Tweet on speed at which Kaseya REvil attack was conducted
2021-07-09cyjaxwilliam thomas
REvil-ution – A Persistent Ransomware Operation
2021-07-08GigamonJoe Slowik
Observations and Recommendations from the Ongoing REvil-Kaseya Incident
2021-07-08KELAVictoria Kivilevich
Ransomware Gangs are Starting to Look Like Ocean’s 11
Kaseya: Another Massive Heist by REvil
2021-07-07TrustwaveNikita Kazymirskyi, Rodel Mendrez
Diving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails
Cobalt Strike REvil
2021-07-07ElasticJamie Butler
Elastic Security prevents 100% of REvil ransomware samples
2021-07-07CrowdStrikeKaran Sood, Liviu Arsene
How CrowdStrike Falcon Stops REvil Ransomware Used in the Kaseya Attack
2021-07-07NetskopeGustavo Palazolo
Netskope Threat Coverage: REvil
2021-07-07Twitter (@resecurity_com)Resecurity
Tweet REvil attack chain used against Kaseya
2021-07-06paloalto Networks Unit 42John Martineau
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil
2021-07-06CybereasonTom Fakterman
Cybereason vs. REvil Ransomware: The Kaseya Chronicles
2021-07-06CrowdStrikeAdam Meyers
The Evolution of PINCHY SPIDER from GandCrab to REvil
Gandcrab REvil
2021-07-06TRUESECAlexander Andersson
How the Kaseya VSA Zero Day Exploit Worked
2021-07-06splunkSplunk Threat Research Team
REvil Ransomware Threat Research Update and Detections
2021-07-06Twitter (@_alex_il_)Alex Ilgayev
Tweet on REvil ransomware actor using vulnerable defender executable in its infection flow in early may before Kaseya attack
Kaseya Supply Chain Ransomware Attack - Technical Analysis of the REvil Payload
REvil ransomware attack against MSPs and its clients around the world
Kaseya supply chain attack delivers mass ransomware
Real-Time Prevention of the Kaseya VSA Supply Chain REvil Ransomware Attack
2021-07-05splunkRyan Kovar
Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
2021-07-05Twitter (@SophosLabs)SophosLabs
Tweet with a REvil ransomware execution demo
2021-07-05Twitter (@R3MRUM)R3MRUM
Twitter thread with additional context on C2 domains found in REvil configuration
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
REvil REvil
2021-07-04TRUESECFabio Viggiani
Kaseya supply chain attack targeting MSPs to deliver REvil ransomware
2021-07-04Twitter (@svch0st)Zach
Tweet on #Kaseya detection tool for detecting REvil
2021-07-04SophosAnand Ajjan, Mark Loman, Sean Gallagher
Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
Kaseya VSA Detection Tool
Uncensored Interview with REvil / Sodinokibi Ransomware Operators
REvil REvil
Updates Regarding VSA Security Incident
2021-07-03SymantecThreat Hunter Team
Kaseya Ransomware Supply Chain Attack: What You Need To Know
2021-07-03Palo Alto Networks Unit 42Unit 42
Threat Brief: Kaseya VSA Ransomware Attack
2021-07-03Twitter (@LloydLabs)Lloyd
Twitter Thread on Revil sideloading DLL used in Kaseya attack
2021-07-03Medium DoublepulsarKevin Beaumont
Kaseya supply chain attack delivers mass ransomware event to US companies
2021-07-03Twitter (@fwosar)Fabian Wosar
Twitter thread on REvil's cryptographic scheme
2021-07-02The RecordCatalin Cimpanu
REvil ransomware gang executes supply chain attack via malicious Kaseya update
2021-07-02Twitter (@SyscallE)SeAccessCheck
Tweet on Revil dropper used in Kaseya attack
2021-07-02Github (fwosar)Fabian Wosar
REvil configuration dump used in Kaseya attack
2021-07-02Twitter (@VK_intel)Vitali Kremez
Tweet on Revil ransomware analysis used in Kaseya attack
2021-07-02Huntress LabsHuntress Labs
Crticial Ransomware Incident in Progress
2021-07-02VelzartNiels den Hild
Ransomware attack
2021-07-02Bleeping ComputerLawrence Abrams
REvil ransomware hits 1,000+ companies in MSP supply-chain attack
2021-07-01AT&T CybersecurityFernando Martinez, Ofer Caspi
REvil’s new Linux version
REvil REvil
2021-07-01DomainToolsChad Anderson
The Most Prolific Ransomware Families: A Defenders Guide
REvil Conti Egregor Maze REvil
2021-06-30Advanced IntelligenceAdvIntel Security & Development Team, Brandon Rudisel, Yelisey Boguslavskiy
Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets
BlackKingdom Ransomware Clop dearcry Hades REvil
2021-06-30SophosTilly Travers
MTR in Real Time: Hand-to-hand combat with REvil ransomware chasing a $2.5 million pay day
2021-06-30Group-IBOleg Skulkin
REvil Twins Deep Dive into Prolific RaaS Affiliates' TTPs
Cobalt Strike REvil
2021-06-30Sophos SecOpsTilly Travers
What to expect when you’ve been hit with REvil ransomware
2021-06-28Twitter (@AdamTheAnalyst)AdamTheAnalyst
Tweet on suspected REvil exfiltration (over RClone FTP) server
REvil REvil
2021-06-23Medium s2wlabSojun Ryu
Deep analysis of REvil Ransomware
2021-06-22SecureworksCounter Threat Unit ResearchTeam
LV Ransomware
2021-06-16ProofpointDaniel Blackford, Garrett M. Graff, Selena Larson
The First Step: Initial Access Leads to Ransomware
BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577
2021-06-15Trend MicroByron Gelera, Earle Earnshaw, Janus Agcaoili, Miguel Ang, Nikko Tamana
Ransomware Double Extortion and Beyond: REvil, Clop, and Conti
Clop Conti REvil
2021-06-11SophosLabs UncutAnand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
2021-06-10HUNT & HACKETTKrijn de Mik
REvil: the usage of legitimate remote admin tooling
2021-06-09Palo Alto Networks Unit 42Doel Santos
Prometheus Ransomware Gang: A Group of REvil?
Hakbit Prometheus REvil
2021-06-08Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
From QBot...with REvil Ransomware: Initial Attack Exposure of JBS
QakBot REvil
2021-06-02Bleeping ComputerLawrence Abrams
FBI: REvil cybergang behind the JBS ransomware attack
Introducing The Most Profitable Ransomware REvil
Gandcrab REvil
2021-06-02CrowdStrikeHeather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil
2021-05-28Twitter (@Jacob_Pimental)Jacob Pimental
Tweet on REvil ver 2.07
2021-05-25Medium s2wlabDenise Dasom Kim, Hyunmin Suh, Jungyeon Lim
W4 May | EN | Story of the week: Ransomware on the Darkweb
Babuk REvil
2021-05-20Digital ShadowsStefano De Blasi
Ransomware-as-a-Service, Rogue Affiliates, and What’s Next
DarkSide DarkSide REvil
2021-05-20CrowdStrikejoshua fraser
Response When Minutes Matter: When Good Tools Are Used for (R)Evil
2021-05-18The RecordCatalin Cimpanu
Darkside gang estimated to have made over $90 million from ransomware attacks
DarkSide DarkSide Mailto Maze REvil Ryuk
2021-05-18Bleeping ComputerIonut Ilascu
DarkSide ransomware made $90 million in just nine months
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk
2021-05-14The RecordCatalin Cimpanu
Darkside ransomware gang says it lost control of its servers & money a day after Biden threat
DarkSide Avaddon REvil
2021-05-13Bleeping ComputerLawrence Abrams
Popular Russian hacking forum XSS bans all ransomware topics
DarkSide DarkSide LockBit REvil
2021-05-12KasperskyDmitry Galov, Ivan Kwiatkowski, Leonid Bezvershenko
Ransomware world in 2021: who, how and why
Babuk REvil
DarkSide Ransomware Links to REvil Group Difficult to Dismiss
DarkSide REvil
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
2021-05-08Twitter (@Jacob_Pimental)Jacob Pimental
Tweet on CyberChef recipe to extract Revil Ransomware configuration
2021-05-06BlackberryBlackBerry Research and Intelligence team
Threat Thursday: Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics
2021-05-06Cyborg SecurityBrandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX
2021-05-02GoggleHeadedHacker BlogJacob Pimental
Sodinokibi Ransomware Analysis
2021-04-28IBMLimor Kessem
The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt BlogCorsin Camichel
Ransomware and Data Leak Site Publication Time Analysis
Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil
2021-04-23CNBCEamon Javers
Axis of REvil: What we know about the hacker collective taunting Apple
2021-04-20Bleeping ComputerSergiu Gatlan
REvil gang tries to extort Apple, threatens to sell stolen blueprints
2021-03-29The DFIR ReportThe DFIR Report
Sodinokibi (aka REvil) Ransomware
Cobalt Strike IcedID REvil
2021-03-24CiscoCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends from Winter 2020-21
Egregor REvil WastedLocker
2021-03-24Twitter (@VK_intel)Vitali Kremez
Tweet on REvil ransomware
2021-03-19Bleeping ComputerLawrence Abrams
REvil ransomware has a new ‘Windows Safe Mode’ encryption mode
2021-03-17Palo Alto Networks Unit 42Unit42
Ransomware Threat Report 2021
RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker
2021-03-16The RecordDmitry Smilyanets
‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown
CL0P and REvil Escalate Their Ransomware Tactics
Clop REvil
2021-03-01TechtargetRob Wright
Ransomware negotiations: An inside look at the process
2021-03-01Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Ransomware Uncovered 2020/2021
RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-26CrowdStrikeEric Loui, Sergei Frankoff
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
CTIL Darknet Report – 2021
Conti Mailto Maze REvil Ryuk
2021-02-02CRONUPGermán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader
2021-02-01AhnLabASEC Analysis Team
BlueCrab ransomware, CobaltStrike hacking tool installed in corporate environment
Cobalt Strike REvil
2021-01-28AhnLabASEC Analysis Team
BlueCrab ransomware constantly trying to bypass detection
Cobalt Strike REvil
2021-01-26Trend MicroTrend Micro Research
Examining a Sodinokibi Attack
2021-01-21InfoSec Handlers Diary BlogXavier Mertens
Powershell Dropping a REvil Ransomware
2021-01-04KELAAlmog Zoosman, Victoria Kivilevich
Darknet Threat Actors Are Not Playing Games with the Gaming Industry
2021-01-01AcronisAlexander Koshelev, Ravikant Tiwari
Taking Deep Dive into Sodinokibi Ransomware
2020-12-16AccenturePaul Mansfield
Tracking and combatting an evolving danger: Ransomware extortion
DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt
2020-12-16DragosCamille Singleton, IBM SECURITY X-FORCE, Selena Larson
Assessing Ransomware and Extortion Activities Impacting Industrial Organizations: Ransomware in ICS Environments
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-12-09FireEyeMitchell Clarke, Tom Hall
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)
Cobalt Strike DoppelPaymer QakBot REvil
2020-12-03KELAVictoria Kivilevich
Easy Way In? 5 Ransomware Victims Had Their Pulse Secure VPN Credentials Leaked
2020-12-01Trend MicroRyan Flores
The Impact of Modern Ransomware on Manufacturing Networks
Maze Petya REvil
2020-11-30Malwarebyteshasherezade, Jérôme Segura
German users targeted with Gootkit banker or REvil ransomware
GootKit REvil
2020-11-30FireEyeMitchell Clarke, Tom Hall
It's not FINished The Evolving Maturity in Ransomware Operations
Cobalt Strike DoppelPaymer MimiKatz QakBot REvil
2020-11-18Bleeping ComputerLawrence Abrams
REvil ransomware hits hosting provider, 500K ransom
2020-11-18KELAVictoria Kivilevich
Zooming into Darknet Threats Targeting Japanese Organizations
Conti DoppelPaymer Egregor LockBit Maze REvil Snake
2020-11-16Intel 471Intel 471
Ransomware-as-a-service: The pandemic within a pandemic
Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX
2020-11-10AP NewsAshish Gahlot
Threat Hunting for REvil Ransomware
2020-11-04ZDNetCatalin Cimpanu
REvil ransomware gang 'acquires' KPOT malware
KPOT Stealer REvil
2020-10-29Bleeping ComputerIonut Ilascu
REvil ransomware gang claims over $100 million profit in a year
2020-10-28Intel 471Intel 471
Alleged REvil member spills details on group’s ransomware operations
2020-10-26CheckpointEyal Itkin, Itay Cohen
Exploit Developer Spotlight: The Story of PlayBit
Dyre Maze PyLocky Ramnit REvil
2020-10-23HornetsecurityHornetsecurity Security Lab
Leakware-Ransomware-Hybrid Attacks
Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt
2020-10-20Bundesamt für Sicherheit in der InformationstechnikBSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot
2020-10-06CrowdStrikeThe Crowdstrike Intel Team
Double Trouble: Ransomware with Data Leak Extortion, Part 2
Maze MedusaLocker REvil VIKING SPIDER
2020-10-01KELAVictoria Kivilevich
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem
Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot
2020-09-29PWC UKAndy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker
2020-09-25CrowdStrikeThe Crowdstrike Intel Team
Double Trouble: Ransomware with Data Leak Extortion, Part 1
DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER
2020-09-24Kaspersky LabsKaspersky Lab ICS CERT
Threat landscape for industrial automation systems - H1 2020
Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake
2020-08-25KELAVictoria Kivilevich
How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil Sekhmet
2020-08-21Vimeo (RiskIQ)Josh Burgess, Steve Ginty
The Evolution of Ransomware & Pinchy Spider's Shot at the Title
Gandcrab REvil
2020-08-21RiskIQSteve Ginty
Pinchy Spider: Ransomware Infrastructure Connected to Dark Web Marketplace
2020-08-20DomainToolsChad Anderson
Revealing REvil Ransomware With DomainTools and Maltego
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities
Clop Maze REvil Ryuk
2020-08-01Temple UniversityCARE
Critical Infrastructure Ransomware Attacks
CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor
2020-07-31PRODAFT Threat IntelligencePRODAFT
OpBlueRaven: Unveiling Fin7/Carbanak - Part 1 : Tirion
Carbanak REvil FIN7
2020-07-29ESET Researchwelivesecurity
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-29AmosSysNicolas Guillois
Sodinokibi / REvil Malware Analysis
Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps?
2020-07-15Advanced IntelligenceSamantha van de Ven, Yelisey Boguslavskiy
Inside REvil Extortionist “Machine”: Predictive Insights
Gandcrab REvil
2020-07-10Advanced IntelligenceAdvanced Intelligence
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
Gandcrab REvil
2020-06-30AppGateThe Immunity Team
Electric Company Ransomware Attack Calls for $14 Million in Ransom
2020-06-23SymantecCritical Attack Discovery and Intelligence Team
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
Cobalt Strike REvil
2020-06-19Panda SecurityAaron Jornet Sales, Javier Muñoz Alcázar, Jorge Barelles Menes, Pablo Cardós Marqués
Sodinokibi Malware report
2020-06-02ZDNetCatalin Cimpanu
REvil ransomware gang launches auction site to sell stolen data
2020-06-01AreteArete Incident Response
Sodinokibi / REvil Ransomware attacks against the Education Sector
A former DarkSide listing shows up on REvil’s leak site
DarkSide REvil
2020-05-07REDTEAM.PLAdam Ziaja
Sodinokibi / REvil ransomware
Maze MimiKatz REvil
2020-05-04Intel 471Intel 471 Malware Intelligence team
Changes in REvil ransomware version 2.2
2020-04-28MicrosoftMicrosoft Threat Protection Intelligence Team
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
LockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood
2020-04-11Bleeping ComputerLawrence Abrams
Sodinokibi Ransomware to stop taking Bitcoin to hide money trail
2020-04-09Graham Cluley BlogGraham Cluley
Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack
2020-03-31Intel 471Intel 471
REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation
Gandcrab REvil
2020-03-24Bleeping ComputerLawrence Abrams
Three More Ransomware Families Create Sites to Leak Stolen Data
Clop DoppelPaymer Maze Nefilim Nemty REvil
2020-03-07Bleeping ComputerLawrence Abrams
Ransomware Threatens to Reveal Company's 'Dirty' Secrets
2020-03-05MicrosoftMicrosoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-29Security AffairsPierluigi Paganini
Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm
2020-02-26Bleeping ComputerLawrence Abrams
Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices
2020-02-25RSA ConferenceJoel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus
2020-02-10MalwarebytesAdam Kujawa, Chris Boyd, David Ruiz, Jérôme Segura, Jovi Umawing, Nathan Collier, Pieter Arntz, Thomas Reed, Wendy Zamora
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-02-02Nullteilerfrei BlogLars Wallenborn
Defeating Sodinokibi/REvil String-Obfuscation in Ghidra
2020-01-30Under The BreachUnder The Breach
Tracking Down REvil’s “Lalartu” by utilizing multiple OSINT methods
2020-01-30Digital ShadowsPhoton Research Team
Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?
État de la menace rançongiciel
Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam
Tracking REvil
2020-01-26Youtube (OALabs)Sean Wilson, Sergei Frankoff
IDA Pro Automated String Decryption For REvil Ransomware
2020-01-23Bleeping ComputerSergiu Gatlan
Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
2020-01-18Bleeping ComputerLawrence Abrams
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
2020-01-17SecureworksKeita Yamazaki, Tamada Kiyotaka, You Nakatsuru
Is It Wrong to Try to Find APT Techniques in Ransomware Attack?
Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware
2020-01-11Bleeping ComputerLawrence Abrams
Sodinokibi Ransomware Publishes Stolen Data for the First Time
2020-01-10BleepingComputerSergiu Gatlan
Sodinokibi Ransomware Hits New York Airport Systems
2020-01-09Bleeping ComputerLawrence Abrams
Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another
2020-01-06Bleeping ComputerIonut Ilascu
Sodinokibi Ransomware Hits Travelex, Demands $3 Million