REvil ransomware, also known as Sodinokibi, is ransomware that infects a system or network, encrypts files, and demands a ransom for decryption. It has evolved steadily since its first detection and has picked up many tricks along the way. A recent change lets the operators automate file encryption in Safe Mode: the ransomware changes the logged-on user's password and configures Windows to log that account in automatically on reboot. It sets the user's password to DTrump4ever using the following registry addition.
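The two settings the text describes, a forced auto-logon and a Safe Mode boot entry, can be checked for on a suspect host. The following PowerShell triage script is an added example, not code from the original page or from REvil; it reads the well-known Winlogon auto-logon values (AutoAdminLogon, DefaultUserName, DefaultPassword) and parses `bcdedit /enum {current}` for a `safeboot` element. The password string DTrump4ever is the value reported above; any other plaintext DefaultPassword is flagged too, since legitimate hosts rarely store one. The function name `Get-AutoLogonIndicators` is this example's own.

```powershell
# Added example (not from the original page or from REvil): on-host triage check for
# forced auto-logon plus a Safe Mode boot entry. Run from an elevated PowerShell session.

function Get-AutoLogonIndicators {
    [CmdletBinding()]
    param(
        # Standard Winlogon key; parameterised so the check can be pointed at a mounted hive.
        [string]$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $findings = @()
    $wl = Get-ItemProperty -Path $WinlogonPath -ErrorAction SilentlyContinue

    # AutoAdminLogon is stored as the string "1" when enabled.
    if ($wl -and $wl.AutoAdminLogon -eq '1') {
        $findings += [pscustomobject]@{
            Indicator = 'AutoAdminLogon enabled'
            Detail    = "DefaultUserName=$($wl.DefaultUserName) DefaultDomainName=$($wl.DefaultDomainName)"
        }
    }

    # A plaintext DefaultPassword is suspicious on its own; the known value is called out.
    if ($wl -and -not [string]::IsNullOrEmpty($wl.DefaultPassword)) {
        $detail = if ($wl.DefaultPassword -eq 'DTrump4ever') {
            'matches the REvil password reported above'
        } else {
            'plaintext auto-logon password present'
        }
        $findings += [pscustomobject]@{
            Indicator = 'DefaultPassword set'
            Detail    = $detail
        }
    }

    # Safe Mode boot for the running OS entry. The "safeboot" element name is not localised,
    # even though the rest of bcdedit's output is.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    $safeboot = @($bcd | Where-Object { $_ -match '^\s*safeboot\s+\S+' })
    if ($safeboot.Count -gt 0) {
        $findings += [pscustomobject]@{
            Indicator = 'Safe Mode boot configured on {current}'
            Detail    = ($safeboot -join '; ').Trim()
        }
    }

    return $findings
}

$results = @(Get-AutoLogonIndicators)
if ($results.Count -eq 0) {
    Write-Output 'No auto-logon or Safe Mode indicators found.'
} else {
    $results | Format-Table -AutoSize
}
```

If the script fires, capture the Winlogon key and the BCD store before remediating, since both are evidence of the attacker's configuration. Clearing the boot setting is `bcdedit /deletevalue {current} safeboot`; the auto-logon values should be removed and the affected account's password reset, ideally from a clean host.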
Update: REvil Linux variant detected in the wild.
REvil v2.05 Signatures
REvil v2.05 Download
REvil v2.04 Signatures
REvil v2.04 Download