Skip to main content


Home REvil ransomware

REvil ransomware

(also REvil, Ransomware Evil, Sodinokibi)

REvil ransomware definition

REvil ransomware is a virus that encrypts the victim’s files and holds them hostage until a ransom is paid. REvil was ransomware-as-a-service (RaaS), meaning that the malware was rented to other hackers by its developers for a cut of the profits.

Allegedly, this highly successful ransomware-as-a-service operation was based in Russia and dismantled by the state authorities in early 2022. While this did reduce the frequency of REvil ransomware incidents across the globe, the attacks have not disappeared entirely. Security experts now believe that the hackers arrested were merely affiliates.

Real REvil ransomware attack examples

April 2021: REvil stole secret Apple design plans from Quanta Computer, threatening to release them publicly unless a $50 million ransom was paid.

May 2021: REvil ransomware disrupted JBS S.A. beef, poultry, and pork plant operations, forcing the company to pay $11 million in Bitcoin to resume production.

Stopping REvil ransomware

  • Avoid suspicious websites because they can run scripts to compromise your device or host infected files. Use NordVPN’s Threat Protection feature to weed out dangerous links and scan files that you download for malware.
  • Check links and files before you click them. Hackers use compromised email or social media accounts to masquerade as trusted people and trick you into downloading ransomware.
  • Back up your data frequently to avoid being locked out of vital files. NordLocker offers secure cloud storage for your documents, plans, and photos.
  • Use sandboxing to observe new applications for any signs of danger in a safe environment.
  • Use dedicated antivirus software and update it regularly. Infected devices may be used to spread ransomware without the owner’s knowledge.