A Detailed Analysis Of The Last Version Of REvil Ransomware
REvil/Sodinokibi ransomware has been active since 2019, with interruptions due to law enforcement action. The malware ships with an RC4-encrypted configuration, kills a list of targeted processes, and stops a set of specified services. It also deletes all Volume Shadow Copies using WMI, and it targets logical drives and network shares.
