FLASH REPORT: New REvil Version Identified

In this report, you’ll find insights on:

  • Updated samples indicate REvil or someone close to the group has resumed operations
  • REvil joins a growing list of ransom families requiring predetermined command line arguments to function
  • REvil no longer refuses to run based on an infected systems’ language
  • An unused configuration element introduced previously is now populated with credentials

Download the Report

REvil — sometimes referred to as Sodinokibi — is a ransomware family that first appeared in April 2019 and is thought to be a rebrand of the GandCrab ransomware. The group has been attributed to high-profile attacks, such as those committed against JBS Foods and Kaseya in 2021. Although several members of the group were arrested in January 2022, that does not appear to have deterred the remaining members. After halting all public activity in October 2021, REvil appears to have resumed operations in April 2022. ZeroFox Intelligence has shared their latest observations and assessments in this Flash Report.

FLASH REPORT: New REvil Version Identified
© 2022 by ZeroFox. All Rights Reserved. 
Privacy Policy Terms and Transparency