The REvil (Sodinokibi) ransomware operation has apparently resumed. Its infrastructure was shut down by law enforcement agencies in October 2021. Its Tor website is back online, and a new sample has been captured in the wild.
REvil ransomware now has a new tentacle for Linux machines: it has been caught encrypting VMware ESXi virtual machines. The Linux variant has almost the same functionality as its Windows counterpart.
REvil ransomware, also known as Sodinokibi, infects a system or network, encrypts files, and demands a ransom for decryption.
Sodin, Sodinokibi, REvil or BlueBackground ransomware encrypts user data with AES and then demands a ransom of 0.475–0.950 BTC to return the files. It exploits a zero-day, CVE-2018-8453, which was previously abused by an APT and was patched in the Oct 18 Patch Tuesday.