What is REvil Ransomware?

REvil ransomware, also known as Sodinokibi, is a strain of ransomware that infects a system or network, encrypts files, and demands a payment (or ransom) to decrypt them. The ransom demand doubles if the victim fails to pay by the first deadline. REvil (short for ransomware evil) is part of the ransomware-as-a-service (RaaS) trend.

How to Recognize This Threat: Like other ransomware, REvil presents its victim with a message stating that a ransom must be paid to regain access to files that were previously accessible. Unlike more targeted varieties, RaaS ransomware is typically spread more widely, through phishing emails and infected attachments.

How to Prevent This Threat: As with other ransomware, protecting against a REvil attack is multi-faceted. Educate employees to avoid suspicious links and attachments. Maintain regular backups of your files so you can restore them if they’re encrypted. Finally, employ a next-generation firewall with real-time security services that feature sandboxing, machine learning, signature-less defenses, and more to detect and stop ransomware before it strikes.