How REvil Used the Underground Ecosystem to Form an Extortion Cartel
A new paper by Advanced Intelligence on the operators of the Sodinokibi (REvil) ransomware begins:
Just about one year ago, the makers of the infamous GandCrab ransomware announced their retirement, having reportedly earned an astonishing $2 billion since their entry into the ransomware market in January 2018. The vacuum was quickly filled, however. Forensic and malware evidence was soon discovered connecting GandCrab’s malware to a new ransomware variant which was about to wreak havoc on a global scale: REvil.
REvil’s rise was rapid. It has victimized enterprises and municipal governments alike, having claimed 12.5% of the ransomware market share as of Q2 2019. By mid-May of this year, the threat actor behind REvil announced that it had infiltrated a major entertainment law firm’s computer systems, and threatened to release information on U.S. President Donald Trump if they did not receive a $42 million ransom. In this way, the REvil ransomware gang – now reportedly considered a terrorist organization by the FBI – has become more than just a hacking collective. REvil now dominates the threat ecosystem as the ultimate extortionist cartel.
Read the full report on Advanced Intelligence's site.