Last week, the infrastructure of REvil (Sodinokibi) returned online after months of downtime, and now the ransomware has resumed attacks. The fact is that in July 2021, the hack group went offline without giving any reason. Then it was a question of shutting down an entire network of conventional and darknet sites that were used… Continue reading REvil ransomware resumed attacks
Tag: Sodinokibi Ransomware
REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
Last weekend, one of Argentina’s largest internet providers, Telecom Argentina, suffered from REvil (Sodinokibi) ransomware attack. Malware has infected about 18,000 computers, and now REvil operators demand $7.5 million from the company. The ZDNet magazine writes that the attackers managed to gain domain administrator rights, thanks to which the ransomware quickly spread to 18,000 workstations.… Continue reading REvil Operators Demand $7.5 Million Ransom from Argentine Internet Provider
IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators
Information security specialists of the Danish provider KPN applied sinkholing to REvil (Sodinokibi) cryptographic servers and studied the working methods of one of the largest ransomware threats today. Recall that REvil works under the “ransomware as a service” (RaaS) scheme, which means malware is leased to various criminal groups. “Because there are many groups, as… Continue reading IS specialists studied working methods of the REvil (Sodinokibi) ransomware operators