Ransomware
REvil
aka Sodinokibi · Sodin
A prolific ransomware-as-a-service operation behind the Kaseya and JBS attacks, known for high ransoms and the Sodinokibi encryptor.
REvil (Sodinokibi) was a top-tier ransomware-as-a-service brand, widely seen as a successor to GandCrab. From 2019, its affiliates carried out some of the highest-profile attacks of the era, demanding record ransoms and publishing stolen data on the operation's "Happy Blog" leak site.
Landmark attacks
REvil hit JBS (the world's largest meat processor) and, via a Kaseya VSA supply-chain compromise in July 2021, pushed ransomware to hundreds of downstream businesses at once. These campaigns are tracked on Cyber Breaches.
Takedown
Under intense pressure, REvil went dark; in 2022 Russia's FSB announced arrests and seizures. A Sodinokibi config-extraction guide lives on the Reverse Engineering Hub.
Defense
Patch internet-facing appliances, vet RMM/supply-chain software, segment networks, and keep tested offline backups.