Apr 06, 2026 • The Hacker News
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Executive Summary
Germany's Federal Criminal Police Office (BKA) has identified two key figures behind the now-defunct REvil ransomware-as-a-service operation, linking them to approximately 130 ransomware attacks in Germany. One identified actor used the alias UNKN and served as a group representative, actively advertising the REvil ransomware on the XSS cybercrime forum in June 2019. REvil, also known as Sodinokibi, operated as a prominent RaaS model, allowing affiliates to deploy the ransomware in exchange for a share of ransom payments. This identification marks a significant milestone in law enforcement's ongoing efforts to attribute and hold ransomware operators accountable for their attacks.
Summary
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. One of the threat actors, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime forum
Linked Entities
- REvil
- Sodinokibi
- UNKN