Who is REvil? The Notorious Ransomware Hacking Group, Explained

Over the last two years, the internet has been riddled with ransomware attacks wherein cybercriminals compromise technology or data, make it inaccessible via encryption, and demand their victim pay a ransom to recover it. 

From The United Health Services attack to the Garmin exploit, bad actors are demanding higher stakes to unlock stolen files and repercussions across a number of industries continue to escalate.

One of the most notorious figures behind recent ransomware attacks is none other than REvil, a cyber gang changing the ransomware game across the world. 

Let’s look at arguably the most threatening cyber attackers and how America is handling today’s cybercrime pandemic.


Who is REvil?

The cyber gang REvil is a Russian-speaking cybercriminal collective that’s stolen millions of dollars from American organizations and governing bodies. The name is an amalgam of the words “ransomware” and “evil,” making it easy to associate the group with the ransomware attacks they’re most known for. The gang is also referred to as Sodinokibi for the family of malware it uses to encrypt devices. 

REvil is the infamous group behind the U.S. Colonial Pipeline ransomware attack, the JBS meat supplier exploit, and the Kaseya attack, which has been coined “The Biggest Ransomware Attack on Record” — just to name a few of their highly publicized cyber attacks. 

Besides orchestrating some of the costliest ransomware attacks of 2020 and 2021, REvil has reached even greater heights within the cybersecurity threat landscape by pioneering a malicious business model called Ransomware as a Service (RaaS). The hacking group now openly sells its exploits and cyber tools to third-party hackers, enabling other lone cybercriminals to execute malicious attacks. In exchange for the use of its code and tools, REvil takes a 20% cut of any ransom payment one of its affiliate hackers obtains.

Many also associate REvil with GandCrab, another cyber group responsible for an astounding 40% of all ransomware infections globally. While GandCrab declared it “retired” in 2019 after collecting $2 billion in ransom payments in just one year, REvil uses similar hacking tools and techniques and is often thought to be inspired by its notorious predecessor. 


The Latest on the Cyber Gang

The criminals behind the REvil attacks and RaaS exploits have been under investigation for months, as the United States government tracks down the bad actors behind these malicious attacks on American businesses and government entities alike. 

On November 8, 2021, the U.S. Department of Justice announced it had indicted two REvil members — Yaroslav Vasinskyi and Yevgeniy Igorevich Polyanin — for their involvement in the cyber gang. Vasinskyi was found to be directly connected to the July Kaseya exploit, one of our nation’s most disruptive attacks. Both are charged in separate indictments with “conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering,” the Department of Justice explains. Both could face 115-145 years in prison if convicted on all counts. In addition to catching these two, the department also announced it had recovered $6.1 million in alleged ransom payments, to be restored to the businesses and government entities that paid the ransomware group to unlock compromised access. 

While finding these two REvil members is great progress toward stopping the cyber group from spreading more digital harm, there are still more members of the group actively conspiring online. The State Department is offering a $10 million reward for information leading to the identification or location of “any individual holding a key leadership position” in REvil’s ransomware gang. Additionally, the department is offering a $5 million reward for information “leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.”


Protect Against Ransomware Attacks Like These

One thing is for sure: ransomware exploits aren’t going to disappear any time soon, so businesses everywhere must be prepared for an attack. 

In our 5-1/2 Easy Steps to Avoid Cyber Threats guide, we offer a few immediately impactful ways to better prepare for ransomware and similar cyber attacks. Are you prepared? Download our eBook today to help protect your organization.
