Sophos: REvil Ransomware Group Most Active in Targeting Businesses

Unfortunately, there is no simple answer and no silver bullet to stopping ransomware.

Edward Gately, Senior News Editor

July 5, 2021

6 Slides
Ransomware attack

Already have an account?

Shutterstock

Sophos has zeroed in on the notorious REvil ransomware group, which launches human-orchestrated attacks that come with ransom demands.

In a recent blog, Sophos details how it and a targeted company’s IT team were locked in live combat with the adversaries behind the attack. The midsize media company targeted by REvil ransomware attackers sought to secure a multimillion-dollar payout.

The REvil ransomware group attack ultimately failed, but not before the attackers encrypted the data on unprotected devices, deleted online backups, and decimated one online and undefended domain. The company has yet to fully recover.

MacKenzie-Peter_Sophos-CEE-2019-300x200.jpg

Sophos’ Peter Mackenzie

REvil, also known as Sodinokibi, is a widely used, conventional ransomware-as-a-service (RaaS) offering that’s been around since 2019. Criminal customers can lease the REvil ransomware from its developers. Furthermore, they can add their own tools and resources for targeting and implementation.

As a result, the approach and impact of an attack involving REvil ransomware is highly variable, according to Sophos. This can make it hard for defenders to know what to expect and look out for.

In a Q&A with Channel Futures, Peter Mackenzie, incident response manager at Sophos, talks more about the REvil ransomware group.

Channel Futures: Is REvil an especially fast-moving attack? What should organizations’ first course of action be if they’re hit with REvil?

Peter Mackenzie: Affiliates do REvil attacks. They use a variety of techniques and styles, which means the time the attacker is on the network can differ greatly. Most are, however, a few days up to a few weeks prior to the ransomware deployment.

Scroll through our slideshow above for more from Sophos and other cybersecurity news this week.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like