Formally attributedUnknownREvil
Russian-speaking ransomware-as-a-service group also known as Sodinokibi, evolved from GandCrab. Responsible for major attacks including Kaseya and JBS. Dismantled by Russian FSB in January 2022. Members arrested and released in 2025.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.8
Low signal strength
Mentions1
Sources1
High conf.1
Last seenMay 2026
First observed
—
Last active
—
Origin
Russia
Aliases
6
Techniques
0
Campaigns
0
Russia
TargetsTechnologyManufacturingLegalGovernment
RegionsGlobal
Attribution signals
1 mention · 1 source#1high
HUMINT
krebs
May 2026