What you need to know about REvil – the hacking group that extorted hundreds of companies – in one minute or less

Keyboard replaced with ransom-style letters.
The hacking group REvil has launched ransomware attacks against hundreds of companies. Chris Collins/Getty Images
  • REvil is an ambitious hacking group that extorts tens of millions from victims.
  • REvil is likely Russia-based and linked to a ransomware strain used to attack healthcare firms.
  • The group’s solely financial motivations can make it more dangerous than other hacking groups.
  • See more stories on Insider’s business page.

REvil, one of the most notorious and ambitious hacking groups today, has launched attacks against hundreds of companies worldwide, often demanding and receiving millions from its victims, according to CyberScoop.

Most recently, it targeted software provider Kaseya VSA, which passed the malware on to hundreds of its users, and forced JBS, the world’s largest meat processor, to pay a $11 million ransom to regain control of its operations. Here’s what you should know about them:

Who they are

REvil is likely a Russia-based ransomware group, as its code is written to bypass computers that use Russian. This is a common strategy to avoid running afoul of local authorities, according to NBC.

When REvil emerged

REvil’s creators are linked to the architects of GandCrab ransomware, which was first used in 2018 primarily to attack healthcare firms, according to Fortune. One of the first signs of REvil was a 2019 attack that struck 22 Texas towns and demanded a collective ransom of $2.5 million, as reported by ZDNet.

What REvil wants

The group’s only motivation is extorting money from its victims, making it more dangerous than nation-state hacking groups, which might be less willing to attack targets such as hospitals, cybersecurity research Jack Cable told Fortune.

How REvil works

REvil sells its technology to other hackers in exchange for a 20% cut of the ransomware payment elicited by the third-party groups, Fortune reported. The group also threatens to release data and information from the companies it targets on the dark web if companies don’t comply.