{
	"id": "522c32ae-9e1e-4dfe-a54d-1d4211de319c",
	"created_at": "2026-04-06T00:06:48.885039Z",
	"updated_at": "2026-04-10T03:20:56.571871Z",
	"deleted_at": null,
	"sha1_hash": "185f256a7e7926bdbe4f24702047eb8a398c80e6",
	"title": "Cybereason vs. REvil Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 777245,
	"plain_text": "Cybereason vs. REvil Ransomware\r\nBy Cybereason Team\r\nArchived: 2026-04-05 14:29:22 UTC\r\nAccording to reports, meatpacking giant JBS was hit with a serious attack reportedly involving REvil\r\nransomware, shutting down a good portion of the company’s production capabilities and threatening to create\r\nsupply chain disruptions and sharp cost of goods increases.\r\nBack in April of 2019, the Cybereason Nocturnus team first encountered and analyzed a new type of ransomware\r\ndubbed REvil (aka Sodinokibi, Sodin), a notoriously aggressive and highly evasive threat that takes many\r\nmeasures to maintain obfuscation and prevent detection by security tools. \r\nThe Cybereason Defense Platform has been proven to detect and block REvil ransomware since it emerged in 2019, and\r\ncontinues to allow defenders to protect their organizations from this evolving threat:\r\nThe Cybereason Defense Platform Detects and Blocks REvil Ransomware\r\nTested sample in the video was uploaded to VirusTotal on June 2nd 2021: \r\nSHA-256: \r\n04419b76566142902680b2c44b216905b44a5743502530066e408bac72d20864\r\nhttps://www.cybereason.com/blog/cybereason-vs.-revil-ransomware\r\nPage 1 of 4\n\nCybereason AI-based NGAV solution prevents the execution of the REvil ransomware\r\nCybereason Anti-Ransomware technology detects and blocks REvil\r\nOver time, REvil has become the largest ransomware cartel operating to date. Subsequent attacks\r\nattributed to the REvil gang include a March 2021 attack against Taiwanese multinational electronics corporation\r\nAcer where the assailants demanded a record-breaking $50 million ransom. 
\r\nIn April, the REvil gang attempted to extort Apple following an attack against one of the tech giant’s business\r\npartners, with a $50 million ransom demand and additional threats to increase the ransom demand to $100\r\nmillion and release exfiltrated data from the target should the payment not be made promptly.\r\nThe REvil ransomware gang has previously been connected to the authors of the prolific GandCrab\r\nransomware, which was retired in June 2019. GandCrab was responsible for 40% of all ransomware infections\r\nglobally. If the association is accurate, GandCrab sets a good example for just how impactful REvil may become.\r\nMuch like the DarkSide ransomware gang that struck Colonial Pipeline in early May, the REvil gang follows the\r\ndouble extortion trend, where the threat actors first exfiltrate sensitive information stored on a victim’s systems\r\nbefore launching the encryption routine. \r\nAfter the ransomware encrypts the target’s data and issues the ransom demand for payment in exchange for the\r\ndecryption key, the threat actors make the additional threat of publishing the exfiltrated data online should the\r\ntarget refuse to make the ransom payment. \r\nThis means the target is still faced with the prospect of having to pay the ransom regardless of whether or not they\r\nemployed data backups as a precautionary measure, and underscores the need to take a prevention-first security\r\nposture.\r\nRansomware Prevention Capabilities are Key\r\nThe best ransomware defense for organizations is to focus on preventing a ransomware infection in the first place.\r\nOrganizations need visibility into the more subtle Indicators of Behavior (IOBs) that allow detection and\r\nprevention of a ransomware attack at the earliest stages. 
\r\nCybereason delivers fearless ransomware protection via multi-layered prevention, detection and response,\r\nincluding:\r\nAnti-ransomware prevention and deception: Cybereason uses a combination of behavioral detections\r\nand proprietary deception techniques to surface the most complex ransomware threats and end the attack\r\nbefore any critical data can be encrypted.\r\nIntelligence-Based Antivirus: Cybereason blocks known ransomware variants leveraging an ever-growing\r\npool of threat intelligence based on previously detected attacks.\r\nNGAV: Cybereason NGAV is powered by machine learning and recognizes malicious components in code\r\nto block unknown ransomware variants prior to execution.\r\nFileless Ransomware Protection: Cybereason disrupts attacks utilizing fileless and MBR-based\r\nransomware that traditional antivirus tools miss.\r\nEndpoint Controls: Cybereason hardens endpoints against attacks by managing security policies,\r\nmaintaining device controls, implementing personal firewalls and enforcing whole-disk encryption across a\r\nrange of device types, both fixed and mobile.\r\nBehavioral Document Protection: Cybereason detects and blocks ransomware hidden in the most\r\ncommon business document formats, including those that leverage malicious macros and other stealthy\r\nattack vectors.\r\nCybereason is dedicated to teaming with defenders to end cyber attacks from endpoints to the enterprise to\r\neverywhere - including modern ransomware. Learn more about ransomware defense here or schedule a demo\r\ntoday to learn how your organization can benefit from an operation-centric approach to security.\r\nAbout the Author\r\nCybereason Team\r\n \r\nCybereason is dedicated to partnering with Defenders to end attacks at the endpoint, in the cloud and across the\r\nentire enterprise ecosystem. 
Only the AI-driven Cybereason XDR Platform provides predictive prevention,\r\ndetection and response that is undefeated against modern ransomware and advanced attack techniques. The\r\nCybereason MalOp™ instantly delivers context-rich attack intelligence across every affected device, user and\r\nsystem with unparalleled speed and accuracy. Cybereason turns threat data into actionable decisions at the speed\r\nof business.\r\nSource: https://www.cybereason.com/blog/cybereason-vs.-revil-ransomware",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.cybereason.com/blog/cybereason-vs.-revil-ransomware"
	],
	"report_names": [
		"cybereason-vs.-revil-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434008,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/185f256a7e7926bdbe4f24702047eb8a398c80e6.pdf",
		"text": "https://archive.orkl.eu/185f256a7e7926bdbe4f24702047eb8a398c80e6.txt",
		"img": "https://archive.orkl.eu/185f256a7e7926bdbe4f24702047eb8a398c80e6.jpg"
	}
}