- REvil is an ambitious hacking group that blackmailed tens of millions of victims.
- REvil is likely based in Russia and linked to a strain of ransomware used to target healthcare companies.
- The group’s purely financial motivations can make them more dangerous than other hacking groups.
REvil, one of today’s most notorious and ambitious groups of hackers, has launched attacks on hundreds of companies around the world, many times requesting and receiving millions from its victims, according to CyberScoop.
Most recently, it targeted the software provider Kaseya VSA, which operates the
on hundreds of its users, forcing JBS, the world’s largest meat processor, to pay an $11 million ransom to regain control of its operations. Here’s what you should know about them:
Who they are
REvil is likely a Russia-based ransomware group, as its code was written to bypass computers using Russian. According to NBC, this is a common strategy to avoid conflict with local authorities.
When REvil showed up
The creators of REvil are linked to the architects of the GandCrab ransomware, which, according to Fortune, was first used in 2018 for attacks on healthcare companies. One of the first signs of REvil was a 2019 attack that hit 22 Texas cities and demanded a joint ransom of $2.5 million, as reported by ZDNet.
What REvil wants
The group’s only motivation is to extort money from its victims, which makes it more dangerous than nation-state hacking groups that may be less willing to attack targets like hospitals, cybersecurity researcher Jack Cable told Fortune.
This is how REvil works
REvil sells its technology to other hackers in exchange for a 20% cut of the payments initiated by the third parties, Fortune reported. The group also threatens to release the data and information of targeted companies on the dark web if the companies do not comply.