The Sodinokibi Ransomware (REvil) has been making news lately as its operators target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.

Note that we refer to this ransomware infection as Sodinokibi because that is the name by which it is most commonly known to the general public and victims. This ransomware also goes under the name REvil, which is the actual name given by the malware developers.

Since being discovered in late April exploiting vulnerable WebLogic servers, Sodinokibi has seen wide success, being distributed worldwide through exploit kits, phishing campaigns, remote desktop attacks, and large-scale attacks through hacked MSPs.