Research: REvil ransomware investigated
REvil, also known as Sodinokibi, is a mature and widespread ransomware-as-a-service (RaaS) offering. Sophos researchers examined the tools and behaviors that attackers believe are most common in deploying a REvil attack. Criminal customers can lease the ransomware from the developers and place it on their victims' computers with their own parameters. The respective approach and the effects of an attack with REvil ransomware are therefore very variable and depend on the tools, behaviors, resources and skills of the attacker who is renting the malware. REvil ransomware under the hood Andrew Brandt, ...