- REvil is an ambitious hacking group that extorts tens of millions from victims.
- REvil is likely Russia-based and linked to a ransomware strain used to attack healthcare firms.
- The group's solely financial motivations can make it more dangerous than other hacking groups.
- See more stories on Insider's business page.
REvil, one of the most notorious and ambitious hacking groups today, has launched attacks against hundreds of companies worldwide, often demanding and receiving millions from its victims, according to CyberScoop.
Most recently, it targeted software provider Kaseya VSA, which passed the malware on to hundreds of its users, and forced JBS, the world's largest meat processor, to pay a $11 million ransom to regain control of its operations. Here's what you should know about them:
Who they are
REvil is likely a Russia-based ransomware group, as its code is written to bypass computers that use Russian. This is a common strategy to avoid running afoul of local authorities, according to NBC.
When REvil emerged
REvil's creators are linked to the architects of GandCrab ransomware, which was first used in 2018 primarily to attack healthcare firms, according to Fortune. One of the first signs of REvil was a 2019 attack that struck 22 Texas towns and demanded a collective ransom of $2.5 million, as reported by ZDNet.
What REvil wants
The group's only motivation is extorting money from its victims, making it more dangerous than nation-state hacking groups, which might be less willing to attack targets such as hospitals, cybersecurity research Jack Cable told Fortune.
How REvil works
REvil sells its technology to other hackers in exchange for a 20% cut of the ransomware payment elicited by the third-party groups, Fortune reported. The group also threatens to release data and information from the companies it targets on the dark web if companies don't comply.