What is it?
- REvil is a suspected Russia-based hacking group that has been linked to several other major breaches.
- REvil’s name is an amalgam of “ransomware” and “evil”. The group is also known as Sodinokibi.
How do they work?
- REvil operates a business that sells hacking technology and other tools to third-party hackers.
- REvil members have created online infrastructure on the dark web, a part of the Internet that search engines like Google don’t track, for other hackers to post stolen documents and collect ransomware payments from victims.
- The dark web is a hidden collection of internet sites that can only be reached with a specialised web browser. It keeps internet activity anonymous and private, which is useful in both legal and illegal contexts: some use it to evade government censorship, while it is also used for highly illegal activity.
- The deep web covers everything beneath the surface web that search engines do not index but that is still accessible with the right software; the dark web is a small, deliberately concealed portion of the deep web that few users will ever interact with or even see.
- In exchange for using REvil’s services and malware, REvil, like similar groups, takes a cut of any ransomware payments while its affiliate hackers keep the rest.
Why in news?
- A ransomware attack by REvil hit a number of companies and organizations, including Sweden’s largest supermarket chain Coop and schools in New Zealand.
What is ransomware?
- Ransomware is malware that uses encryption to hold a victim’s information for ransom. A user’s or organisation’s critical data is encrypted so that they can no longer access their files, databases, or applications.
- A ransom is then demanded in exchange for restoring access.
- Examples of ransomware: WannaCry, NotPetya.
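Because ransomware works by encrypting files in place, one simple signal a defender can watch for is a readable file suddenly turning into high-entropy (random-looking) content. The following Python snippet is an added illustration written for this note, not code from REvil, from any victim, or from any security product; the threshold value, the file names and the sample contents are all constructed for the demonstration, and the “ciphertext” is simply uniformly distributed bytes standing in for real encrypted output.

```python
import math
from collections import Counter

# Bits per byte above which content is treated as encrypted or compressed.
# Assumed value for this illustration; tune it on real file samples.
HIGH_ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> bool:
    """Heuristic: near-uniform byte distribution suggests ciphertext (or compression)."""
    return shannon_entropy(data) >= threshold


def flag_suspicious_changes(before: dict, after: dict,
                            threshold: float = HIGH_ENTROPY_THRESHOLD) -> list:
    """Compare two snapshots of file contents (name -> bytes) and return the names of
    files that went from readable (low entropy) to random-looking (high entropy),
    which is what in-place encryption by ransomware produces.
    Files that were already high-entropy (archives, images) are ignored, because
    compression alone makes them look random and they would otherwise cause false positives."""
    flagged = []
    for name, new_content in after.items():
        old_content = before.get(name)
        if old_content is None:
            continue  # newly created file: no baseline to compare against
        if not looks_encrypted(old_content, threshold) and looks_encrypted(new_content, threshold):
            flagged.append(name)
    return sorted(flagged)


# Constructed sample data (not taken from any real incident).
SAMPLE_TEXT = (b"Quarterly revenue report. Sales rose 4 percent in the north region; "
               b"costs were flat. Please review the attached tables before Friday.\n") * 20
# Every byte value appears equally often, giving exactly 8.0 bits/byte, like ciphertext.
CIPHERTEXT_LIKE = bytes(range(256)) * 16

# Snapshot before and after a hypothetical infection: report.docx was encrypted,
# notes.txt was untouched, photo.jpg was already compressed (high entropy) beforehand.
BEFORE = {"report.docx": SAMPLE_TEXT, "notes.txt": SAMPLE_TEXT, "photo.jpg": CIPHERTEXT_LIKE}
AFTER = {"report.docx": CIPHERTEXT_LIKE, "notes.txt": SAMPLE_TEXT, "photo.jpg": CIPHERTEXT_LIKE}

if __name__ == "__main__":
    for name in BEFORE:
        print(f"{name}: {shannon_entropy(BEFORE[name]):.2f} -> {shannon_entropy(AFTER[name]):.2f} bits/byte")
    print("files that look newly encrypted:", flag_suspicious_changes(BEFORE, AFTER))
```

Entropy alone is a coarse indicator: legitimately compressed or already-encrypted files score high too, which is why the check compares against a baseline rather than judging a single snapshot. In practice such a heuristic is combined with other signals (mass renames, ransom-note files, unusual write rates) and, above all, with tested offline backups.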