Who is REvil

Who is REvil and What Do They Do?

Who is REvil | Image credits: Cyber Threat Intelligence

REvil (Ransomware Evil), also known as Sodinokibi, is a criminal enterprise that specializes in Ransomware-as-a-Service (RaaS). It is based in Russia, or at the very least operates primarily in Russian.

REvil gained widespread attention by threatening to publish stolen data on its "Happy Blog" leak site unless the ransom was paid. In one such intrusion, the gang breached a critical source and obtained highly sensitive designs for upcoming Apple products.

On July 13, 2021, all REvil domains and associated infrastructure were taken offline, a rare occurrence for a group of this size.

As a RaaS operator, REvil recruits affiliates to distribute its ransomware; under that arrangement, the affiliates and the REvil operators split the ransom revenue. Although the group's exact location is difficult to pinpoint, it is widely assumed to be based in Russia, because the gang has not targeted companies or other organizations in Russia or the rest of the former Soviet Union.

The ransomware used by REvil is nearly identical to that of DarkSide, another criminal gang. Since REvil's source code is not publicly available, this similarity suggests that DarkSide is either a spin-off of, or a collaborator with, REvil. Both groups use ransom notes that are nearly identical in style, and both use the same code to check whether the victim is located in a member state of the Commonwealth of Independent States (CIS), in which case the ransomware does not run.

Cybersecurity experts believe that REvil was founded as a continuation of GandCrab, a well-known ransomware gang that is no longer in operation. This assumption rests on two observations: REvil began operating immediately after GandCrab shut down, and the two families share a great deal of code.