• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

3

Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

3

Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
TechCybersecurity

Everything to know about REvil, the group behind a big ransomware spree

By
Jonathan Vanian
Jonathan Vanian
Down Arrow Button Icon
By
Jonathan Vanian
Jonathan Vanian
Down Arrow Button Icon
July 7, 2021, 9:07 PM ET
Add Fortune on Google for similar content.

A ransomware attack on business software company Kaseya has been blamed on REvil, a suspected Russia-based hacking group that has been linked to several other major breaches.

The Kaseya attack, which started last Friday, hit a number of companies and organizations, including Sweden’s largest supermarket chain Coop and schools in New Zealand. To gain access to the victims, the hackers exploited a bug in the IT management software of Kaseya.

In June, the FBI said REvil was behind the massive cyber attack that shut down the operations of JBS the world’s biggest meat supplier. Although JBS said it was able to regain control of its computer systems, it paid a $11 million ransom to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

Here’s what you need to know about the notorious hacking group and its ransomware attacks.

What is REvil?

REvil’s name is an amalgam of “ransomware” and “evil,” said Satnam Narang, a staff research engineer for the security firm Tenable. The group is also known as Sodinokibi, and security researchers have previously named the organization’s family of malware that encrypts, or scrambles data REvil/Sodinokibi, or REvil.Sodinokibi.

Security researchers have linked the creators of the REvil/Sodinokibi malware to the authors of the GandCrab ransomware, which was first noticed in 2018. Hackers affiliated with GandCrab targeted healthcare firms, including the medical service billing provider Doctor’s Management Service.

In 2019, members of this GandCrab said they would retire and bragged about collecting $2 billion in ransom payments after just one year. A year later, the Minister of Internal Affairs of Belarus said it had arrested a hacker with ties to GandCrab.

Tony Cook, ransomware negotiator and head of threat intelligence at GuidePoint Security, said REvil appears to be inspired by GandCrab in that the two groups use similar tool and hacking techniques. That said, with the number of similar ransomware groups, it’s hard to determine which hacking group is responsible for specific attacks.

Narang noted that the GandCrab group targeted managed service providers, which operate IT systems on behalf of other companies, during its final days. This gives credence to the notion that former GandCrab members are now with REvil.

What does REvil do?

REvil acts a business that sells hacking technology and other tools to third-party hackers. REvil members have created online infrastructure on the dark web, a part of the Internet that search engines like Google don’t track, for other hackers to post stolen documents and collect ransomware payments from victims, Narang said. In exchange for using REvil’s services and malware, REvil, like similar groups, takes a roughly 20% cut of any ransomware payments while its affiliate hackers keep the other 80%, he added.

Other hacking groups that operate similar ransomware-as-a-service include Conti and Ryuk, Narang said.

What does REvil want?

Unlike nation-state hackers, REvil is purely financially motivated, said Jack Cable, a security architect at cybersecurity consulting firm Krebs Stamos Group.

Cable contacted REvil through the dark web to see if it would sell him a so-called universal decryptor key, which would unlock and unscramble infected computers. He was surprised when the group offered him the tool for $50 million instead of the initial asking price of $70 million, which led him to speculate that it may be having trouble collecting payments.

REVil is now asking for $50 million (lower than previously reported $70 million). Quickly lowering prices makes me wonder if they're getting desperate. pic.twitter.com/crbubdw48g

— Jack Cable (@jackhcable) July 5, 2021

Cable was also surprised that REvil seemed willing to accept Bitcoin as a payment instead of the cryptocurrency Monero, which is considered to be more difficult to trace.

Hacking groups that are financially motivated, he said, can be more dangerous than nation-state hacking groups because they are more willing to “shut down hospitals.” Nation-state hacking groups operate by “unwritten rules and norms” that typically mean they avoid engineering hacks that could kill people, like shutting down a hospital, he explained. 

What else has REvil hacked?

Besides Kaseya and JBS, REvil has been linked to high-profile ransomware attacks, including against Quanta, a Taiwanese company that sells data center gear to Apple. REvil said it was able to steal sensitive data from Apple like computer designs and demanded a $50 million ransom. But as tech publication MacRumors reported in April, REvil “mysteriously removed all references related to the extortion attempt from its dark web blog.” It’s unclear whether Apple or Quanta paid the ransom. 

REvil also took credit for hacking New York law firm Grubman, Shire, Meiselas & Sacks, claiming to have obtained documents related to former President Donald Trump. But some security researchers suspected the group was bluffing, and the Trump administration designated REvil as a terrorist group.  

How can companies prevent ransomware attacks?

Companies should back up all of their important data offline so they can restore their IT systems after being attacked, without paying a ransom. Companies also should provide cybersecurity training to their employees.

“The CEO of every business has to be preparing for ransomware,” Cable said. “They need to think about a cybersecurity strategy.”

Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.

About the Author
By Jonathan Vanian
LinkedIn iconTwitter icon

Jonathan Vanian is a former Fortune reporter. He covered business technology, cybersecurity, artificial intelligence, data privacy, and other topics.

See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

Nikesh Arora, chief executive officer at Palo Alto Networks
SuccessJobs
CEO of $248 billion cybersecurity company says workers are about to face a ‘Darwinian moment’ thanks to AI: Evolve or get cut
By Emma BurleighJuly 1, 2026
1 hour ago
Current price of Ethereum for July 1, 2026
Personal FinanceEthereum
Current price of Ethereum for July 1, 2026
By Joseph HostetlerJuly 1, 2026
3 hours ago
In this photo illustration, a Cisco logo is displayed on a smartphone with Artificial Intellingence (AI) symbols in the background.
AICFO Daily
Cisco is rolling out AI agents to every single one of its 90,000 employees
By Sheryl EstradaJuly 1, 2026
3 hours ago
senate
CommentaryCongress
One rare bipartisan AI bill is moving through Congress. Here’s why it deserves to pass
By Neil Björkman and Betsy BrewerJuly 1, 2026
5 hours ago
I know how Gen Z can survive the ‘jobpocalypse’ because I built an AI company — in 2015
CommentaryCareers
I know how Gen Z can survive the ‘jobpocalypse’ because I built an AI company — in 2015
By Jeremy FainJuly 1, 2026
5 hours ago
OCBC rolls out its ‘avatar banking’ platform with ‘Wendy’ and ‘Wayne,’ two virtual financial advisors, as banks integrate AI into wealth management
AsiaSingapore
OCBC rolls out its ‘avatar banking’ platform with ‘Wendy’ and ‘Wayne,’ two virtual financial advisors, as banks integrate AI into wealth management
By Angelica AngJuly 1, 2026
5 hours ago

Most Popular

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
6 days ago
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
Success
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
By Preston ForeJune 27, 2026
4 days ago
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
Success
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
By Sydney LakeJune 29, 2026
2 days ago
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
Commentary
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
By Marc AndersenJune 30, 2026
1 day ago
Current price of oil as of June 30 2026
Personal Finance
Current price of oil as of June 30 2026
By Joseph HostetlerJune 30, 2026
1 day ago
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
9 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.