Tuesday, July 7, 00:33

REvil ransomware 2.2: Encrypts open and locked files

REvil ransomware, also known as Sodinokibi, was first observed in late April 2019. It operates as Ransomware-as-a-Service (RaaS): a core group keeps the source code, while affiliates distribute the ransomware. Many researchers believe REvil is closely related to GandCrab, since GandCrab activity dropped sharply when REvil appeared and the two families share code.

The operators who develop and maintain the malware have released a new version, REvil 2.2. This version uses the Windows Restart Manager API to terminate processes that hold open a file it wants to encrypt. Windows does not let one process write to a file that another process holds open without sharing, so files in use by, for example, a database server or an editor would otherwise escape encryption or be only partially encrypted. Intel 471's Malware Intelligence researchers found that Sodinokibi now applies this technique through Restart Manager; the same API has been used by other ransomware, such as SamSam and LockerGoga. In addition, REvil now opens files for encryption with no sharing allowed (dwShareMode set to 0), so any other process that later tries to open a file REvil already holds is blocked, and Restart Manager reports such conflicts whenever they occur.

The authors also added a "silent" command-line option which, when used, skips killing the blacklisted processes and services and skips deleting shadow copies.

Analyst Vitali Kremez noted that the REvil decryptor v2.2 also uses the Windows Restart Manager API, terminating any process that holds a file being decrypted. With these additions, REvil 2.2 can encrypt files that earlier versions could not touch because they were open or locked, and those are often exactly the files a victim cares most about.
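The two Windows mechanisms described above, as an added example that is not part of the original article and is not REvil's own code: a child process holds a constructed file open with no sharing (the .NET FileShare.None, equivalent to dwShareMode = 0 in CreateFileW), a second open of that file fails with a sharing violation, and the Restart Manager API (rstrtmgr.dll) is then used first to list the processes holding the file and then to force them to shut down, after which the file can be opened. The P/Invoke declarations follow the documented Restart Manager signatures; the function names, the temporary file path and the choice of the RmForceShutdown flag are this example's own assumptions.

```powershell
# Added example, not REvil code: reproduce the two Windows mechanisms the article describes.
# (1) A file opened with dwShareMode = 0 (FileShare.None in .NET) cannot be opened by anyone else.
# (2) The Restart Manager API (rstrtmgr.dll) reports which processes hold a file open and can
#     force them to shut down. Windows PowerShell 5.1 or later; function names and the temp
#     file path are this example's own choices, not anything taken from the malware.
if (-not ('RestartManager' -as [type])) {
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class RestartManager
{
    [StructLayout(LayoutKind.Sequential)]
    public struct RM_UNIQUE_PROCESS { public int dwProcessId; public System.Runtime.InteropServices.ComTypes.FILETIME ProcessStartTime; }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct RM_PROCESS_INFO
    {
        public RM_UNIQUE_PROCESS Process;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)] public string strAppName;          // CCH_RM_MAX_APP_NAME + 1
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 64)]  public string strServiceShortName; // CCH_RM_MAX_SVC_NAME + 1
        public int ApplicationType; public uint AppStatus; public uint TSSessionId;
        [MarshalAs(UnmanagedType.Bool)] public bool bRestartable;
    }
    public const int ERROR_MORE_DATA = 234;
    public const uint RmForceShutdown = 0x1;
    [DllImport("rstrtmgr.dll", CharSet = CharSet.Unicode)]
    public static extern int RmStartSession(out uint pSessionHandle, int dwSessionFlags, string strSessionKey);
    [DllImport("rstrtmgr.dll", CharSet = CharSet.Unicode)]
    public static extern int RmRegisterResources(uint dwSessionHandle, uint nFiles, string[] rgsFileNames,
        uint nApplications, [In] RM_UNIQUE_PROCESS[] rgApplications, uint nServices, string[] rgsServiceNames);
    [DllImport("rstrtmgr.dll")]
    public static extern int RmGetList(uint dwSessionHandle, out uint pnProcInfoNeeded, ref uint pnProcInfo,
        [In, Out] RM_PROCESS_INFO[] rgAffectedApps, ref uint lpdwRebootReasons);
    [DllImport("rstrtmgr.dll")]
    public static extern int RmShutdown(uint dwSessionHandle, uint lActionFlags, IntPtr fnStatus);
    [DllImport("rstrtmgr.dll")]
    public static extern int RmEndSession(uint dwSessionHandle);
}
"@
}
# Run $Body inside a Restart Manager session with $Path registered as the resource of interest.
function Invoke-RmSession {
    param([string]$Path, [scriptblock]$Body)
    $session = [uint32]0
    $rc = [RestartManager]::RmStartSession([ref]$session, 0, [guid]::NewGuid().ToString())
    if ($rc -ne 0) { throw "RmStartSession failed with $rc" }
    try {
        $rc = [RestartManager]::RmRegisterResources($session, 1, [string[]]@($Path), 0, $null, 0, $null)
        if ($rc -ne 0) { throw "RmRegisterResources failed with $rc" }
        & $Body $session
    } finally { [void][RestartManager]::RmEndSession($session) }
}
# Which processes hold $Path open (the question REvil asks before encrypting a file).
function Get-FileLockers {
    param([string]$Path)
    Invoke-RmSession -Path $Path -Body {
        param($session)
        $needed = [uint32]0; $count = [uint32]0; $reasons = [uint32]0
        # First call with no buffer: ERROR_MORE_DATA tells us how many entries to allocate.
        $rc = [RestartManager]::RmGetList($session, [ref]$needed, [ref]$count, $null, [ref]$reasons)
        if ($rc -eq [RestartManager]::ERROR_MORE_DATA) {
            $info = [RestartManager+RM_PROCESS_INFO[]]::new([int]$needed)
            $count = $needed
            $rc = [RestartManager]::RmGetList($session, [ref]$needed, [ref]$count, $info, [ref]$reasons)
            if ($rc -ne 0) { throw "RmGetList failed with $rc" }
            $info | Select-Object -First ([int]$count) | ForEach-Object {
                [pscustomobject]@{ ProcessId = $_.Process.dwProcessId; AppName = $_.strAppName }
            }
        } elseif ($rc -ne 0) { throw "RmGetList failed with $rc" }
    }
}
# Force-close every holder of $Path (what REvil 2.2 does so the file can be encrypted).
function Stop-FileLockers {
    param([string]$Path)
    Invoke-RmSession -Path $Path -Body {
        param($session)
        $rc = [RestartManager]::RmShutdown($session, [RestartManager]::RmForceShutdown, [IntPtr]::Zero)
        if ($rc -ne 0) { throw "RmShutdown failed with $rc" }
    }
}
# Demo: a child PowerShell holds a constructed file open with FileShare.None (dwShareMode = 0).
$target = Join-Path $env:TEMP 'restartmgr-demo.txt'   # assumes the path contains no single quote
Set-Content -Path $target -Value 'constructed sample content'
$holder  = "`$f = [System.IO.File]::Open('$target', 'Open', 'ReadWrite', 'None'); Start-Sleep -Seconds 120"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($holder))
$child = Start-Process -FilePath 'powershell.exe' -ArgumentList '-NoProfile', '-EncodedCommand', $encoded -PassThru -WindowStyle Hidden
Start-Sleep -Seconds 3
try { [System.IO.File]::Open($target, 'Open', 'ReadWrite', 'None').Dispose(); 'unexpected: second open succeeded' }
catch { 'Second open blocked: ' + $_.Exception.InnerException.Message }   # sharing violation
Get-FileLockers -Path $target | Format-Table -AutoSize      # the child's PID, AppName typically "Windows PowerShell"
Stop-FileLockers -Path $target                              # Restart Manager shuts the holder down
$null = $child.WaitForExit(10000)
"Holder exited: $($child.HasExited)"
[System.IO.File]::Open($target, 'Open', 'ReadWrite', 'None').Dispose(); 'Open succeeds once the holder is gone'
Remove-Item $target
```

Run it in a Windows PowerShell session; no elevation is needed to enumerate or stop processes that belong to the same user. The same four calls (RmStartSession, RmRegisterResources, RmGetList, RmShutdown) are what the ransomware has to make for every file it wants to free up, so an unexpected import of rstrtmgr.dll in a sample, or a single process opening Restart Manager sessions against a large number of files, is a useful artifact to look for during triage.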

