REvil Ransomware, also known as Sodinokibi Ransomware, is a ransomware that infects a system or network, encrypts files, and demands a ransom for decryption. It has been evolving since its first detection and has learned many tricks on its destructive rampage. A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing the logged-on user's password and configuring Windows to automatically log in on reboot. The ransomware changes the user password to DTrump4ever using the following registry addition.
REvil v2.05 Signatures
REvil v2.05 Download
REvil v2.04 Signatures
REvil v2.04 Download