REvil (9314531e-bf46-4cba-9c19-198279ccf9cd)

REvil is a ransomware family that has been linked to the GOLD SOUTHFIELD group and operated as ransomware-as-a-service (RaaS) since at least April 2019. REvil, which has been used against organizations in the manufacturing, transportation, and electric sectors, is highly configurable and shares code similarities with the GandCrab RaaS.[Secureworks REvil September 2019][Intel 471 REvil March 2020][Group IB Ransomware May 2020]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| TA577 (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | 1 |
| GOLD SOUTHFIELD (b4d068ac-9b68-4cd8-bf0c-019f910ef8e3) | Tidal Groups | REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | 1 |
| REvil (9314531e-bf46-4cba-9c19-198279ccf9cd) | Tidal Software | FIN7 (4348c510-50fc-4448-ab8d-c8cededd19ff) | Tidal Groups | 1 |