REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

From Intel471’s Malware Intelligence Team:

REvil, aka Sodinokibi or Sodin, is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil were first observed in April 2019, when attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725.

REvil is highly configurable and allows operators to customize the way it behaves on the infected host.

Read their analysis on Intel471.

About the author: Dissent
