Skip to main content

// group profile

revil

Inactive

Sodinokibi ransomware group also known as REvil (Ransomware Evil) operates as a ransomware-as-a-service (RaaS) model. After the group compromised his victims, they would threaten to publish the victim's sensitive data on their darknet blog named 'Happy Blog', unless the ransom is paid. The ransomware malware code used by REvil is pretty similar to the ransomware code used by DarkSide - a different threat actor. REvil group claims to steal information after a successful attack on the supplier of the tech giant Apple and stole confidential schematics of their upcoming products.

96

Victims

3

Sites

Victims (96)

Live

kusd.edu

revilUnited States

Sunknowledge Services Inc

medibank.com.au

revilAustralia

Midea Group

Doosan Group

OptiProERP is a leading global provider of industry-specific ERP solutions for manufacture

Ludwig Freytag Group

Unicity International

Stratford University

Asfaltproductienijmegen

CYMZ

www.oil-india.com

Visotec Group www.visotec.com

PTT Exploration and Production - 720GB

ECKERD PERU S.A, INKAFARMA, MIFARMA

Join us on RAMP

Ronmor Holdings

Fimmick CRM Hong Kong (www.fimmick.com)

Fimmick CRM Honk Kong (www.fimmick.com)

Spiezle Architectural Group Inc.

ohiograting.com

Apex America

Allen, Dyer, Doppelt, & Gilchrist, P.A.

Betenbough Homes

CEC Vibration Products

Known Leak Sites

dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onionDLS

aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onionChat

blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd.onionDLS

Top Targeted Countries

United States30

Australia4

United Kingdom3

France2

Japan1

MITRE ATT&CK

T1486Data Encrypted for Impact

Uses Salsa20 and ECDH

T1490Inhibit System Recovery

Deletes shadow copies via vssadmin and PowerShell

T1489Service Stop

Terminates processes and services

T1112Modify Registry

Stores configuration in the Windows registry

T1027Obfuscated Files or Information

Configuration stored as encrypted JSON

Associated group: GOLD SOUTHFIELD

Activity

Total victims96

Countries affected14

Last seenNo recent activity

Explore

Ransomware NewsRelated articles

Check DecryptorsFree tools

Payment DataRansom tracking

MITRE ATT&CKTechniques

Live MapGlobal view

Source: ransomware.live|Refreshes every 5 min