ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Sodinokibi

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Sodinokibi

NamesSodinokibi
Sodin
REvil
CategoryMalware
TypeRansomware, Big Game Hunting
Description(Cybereason) The ransomware iterates through all folders on the machine, encrypts all files, and drops a ransom note in each folder. Once it has finished encryption, it changes the desktop wallpaper to help inform the user of the attack.
Information<https://www.cybereason.com/blog/the-sodinokibi-ransomware-attack>
<https://blog.intel471.com/2020/05/04/changes-in-revil-ransomware-version-2-2/>
<https://www.bleepingcomputer.com/news/security/revil-ransomware-scans-victims-network-for-point-of-sale-systems/>
<https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/revil-ryuk-tycoon-ransomware/>
<https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/>
<https://www.tripwire.com/state-of-security/featured/revil-ransomware-what-you-need-to-know/>
<https://www.cybereason.com/blog/cybereason-vs.-revil-ransomware>
<https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/>
<https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version>
<https://www.databreaches.net/still-think-you-can-negotiate-with-revil-and-get-your-files-back-read-this-first/>
<https://www.cybereason.com/blog/cybereason-vs-revil-ransomware-the-kaseya-chronicles>
<https://www.bankinfosecurity.com/blogs/theres-clear-line-from-revil-ransomware-to-russia-p-3065>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/revil-ransomware-uses-dll-sideloading/>
<https://www.elliptic.co/blog/revil-revealed-tracking-ransomware-negotiation-and-payment>
<https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/>
<https://www.flashpoint-intel.com/blog/possible-universal-revil-master-key-posted-to-xss/>
<https://blogs.cisco.com/security/threat-protection-the-revil-ransomware>
<https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/>
<https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/>
<https://www.malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt>
<https://www.secureworks.com/blog/revil-development-adds-confidence-about-gold-southfield-reemergence>
MITRE ATT&CK<https://attack.mitre.org/software/S0496/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.revil>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Sodinokibi>
Playbook<https://pan-unit42.github.io/playbook_viewer/?pb=revil-ransomware>
<https://www.nomoreransom.org/uploads/REvil_documentation.pdf>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

All groups using tool Sodinokibi

ChangedNameCountryObserved

APT groups

 Pinchy Spider, Gold SouthfieldRussia2018-May 2024X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]