REvil
March 21, 2024
RaaS Ransomware Cybercrime Group

«REvil», one of the most aggressive organized criminal groups of our time, operated under the «RaaS» («ransomware-as-a-service») business model: it provided the «Sodinokibi» ransomware to other cybercriminal groups under a partner program in exchange for a percentage of the ransom paid by the victims.

«Sodinokibi» was developed from the program code of another ransomware, «GandCrab», which was actively used by the cybercriminal group of the same name until the summer of 2019, when that group announced its departure.

«REvil» was active from 2019 to 2022, until the group was liquidated in January 2022 as a result of a special operation conducted by the Federal Security Service and the Ministry of Internal Affairs of Russia.

The geography of incidents related to «REvil» is diverse: the victims are located in the USA, the countries of the European Union and the Asia-Pacific region. The group avoided using «Sodinokibi» against residents of the CIS countries.


Charts on the original page: Activity dynamics; Malicious infrastructure growth dynamics; Countries where most of the malicious infrastructure is located; Malicious infrastructure map; Malicious infrastructure rose; Extensions of captured samples.