REvil Ransomware

The REvil (Sodinokibi) ransomware operation has apparently resumed. Law enforcement agencies shut it down in October 2021. Its TOR website is back online and a new sample has been captured in the wild. The sample has a compile timestamp of 2022-04-27 and carries a new config, a new mutex and a new campaign ID. This suggests that it was compiled from the source code, which only the REvil/Sodinokibi ransomware creators have access to. The sample does not encrypt files; it just adds a random extension and demands a ransom of 42 BTC. The lack of encryption may be a configuration error; time will tell.

REvil (Sodinokibi) New Ransomware Signatures

Family: Ransom:Win32/Revil.D!MTB
MD5: ad49374e3c72613023fe420f0d6010d9
SHA256: 0c10cf1b1640c9c845080f460ee69392bfaac981a4407b607e8e30d2ddf903e8
