A Tortoise File

Who is REvil?

Who are the people behind a spate of multi-million dollar ransomware attacks on financial institutions, schools, hospitals and critical infrastructure?

First published
Monday 15 November 2021

Last updated
Sunday 14 November 2021

Why this story?

All the signs point to ransomware attacks being a large and growing criminal industry. But the signs – in the form of ransoms we know have been paid – are probably as misleading as any in the world of cybercrime for one simple reason: we don’t know if they point to a tenth, a hundredth or a thousandth of the whole problem. We rely on victims coming forward to give us a sense of scale, but succumbing to a ransomware attack is embarrassing. Most organisations pay up and tick the box for no publicity.

The crime itself is almost old-fashioned. You seize control of an organisation’s data, put it out of reach by encrypting it, and demand money with menaces. Over the past couple of years, one name has emerged to become, you might almost say, the leading brand in the burgeoning business of ransomware: REvil. Who it is, what it is, where it’s based, who’s behind it – all of that has been mysterious. Until recently, when Western security services started to fight back. And now, REvil’s secrets are beginning to emerge.

Ceri Thomas, editor