The REvil (Sodinokibi) ransomware operation has apparently resumed. Its infrastructure was shut down by law enforcement agencies in October 2021. Its Tor website is back online and a new sample has been captured in the wild. The sample has a compile timestamp of 2022-04-27 and carries a new configuration, a new mutex and a new campaign ID. This suggests it was compiled from the original source code, to which only the REvil/Sodinokibi creators have access. This sample does not encrypt files; it just appends a random extension and demands a ransom of 42 BTC. The missing encryption may be a configuration error; time will tell.