REvil (Sodinokibi)
REvil, also known as Sodinokibi, was an infamous Russian-linked ransomware operation notorious for executing high-profile attacks against major corporations and critical infrastructure providers worldwide. Operating primarily between 2019 and 2021, REvil became synonymous with the most damaging ransomware campaigns, targeting organizations across sectors including energy, healthcare, and technology. The group pioneered aggressive double-extortion tactics and operated a sophisticated RaaS platform that franchised attacks to affiliates in exchange for a percentage of ransom payments. REvil's transparency regarding their criminal enterprise, including leaked communications and ransom negotiations, provided unprecedented insight into ransomware gang operations and their profit models.

Example: REvil conducted the 2021 JBS Foods ransomware attack, forcing the world's largest meat processing company to shut down operations and pay $11 million in Bitcoin ransom to restore critical systems.

Why it matters for compliance: REvil's prominence underscores the need for strict compliance frameworks around ransomware response, cryptocurrency transaction reporting, and supply chain security. Organizations must monitor and restrict cryptocurrency flows to identified threat actors and maintain detailed incident response documentation.