Will the REvil Story Finally be Over?

Victoria Kivilevich, Director of Threat Research

According to recent reports, the operations of REvil ransomware were recently disrupted by a coordinated law enforcement operation (although not formally confirmed), taking their websites offline. Earlier that week, the most recently self-proclaimed representative of the RaaS bid farewells claiming that the servers were compromised – making it effectively the second time this year whereby the REvil (Sodinokibi) ransomware group has disappeared from radars. 

Does it mean the gang’s story will end? And how will this affect other RaaS programs? KELA summarizes the group’s activities after the notorious Kaseya attack and assesses the possible consequences of its disappearance, considering the fact that ransomware affiliates became a driving power of RaaS (ransomware-as-a-service) operations.