Article by, Oakley Cox, Director of Analysis, Darktrace
REvil, also known as Sodinokibi, is a Ransomware-as-a-Service (RaaS) gang responsible for one of the largest ransomware attacks in history. On 14th January 2022, Russia announced it had arrested 14 members of the criminal gang. The move came at the request of the US authorities, who have worked hard with international partners to crack down on the gang. Last year, multiple high-profile attacks were attributed to the REvil group, including the JBS ransomware and Kaseya supply chain incidents.
The arrests are certainly a victory for western law enforcement agencies, and follows November’s announcement from Europol that seven arrests of REvil affiliates had been made in the preceding months. The question is: to what extent will these arrests disrupt the gang’s operations, and for how long?