REvil Ransomware

REvil Ransomware Description

Cybersecurity experts have spotted a new ransomware threat circulating the Web recently. This data-encrypting Trojan is called REvil Ransomware and also is known as the Sodinokibi Ransomware.

Infiltration and Encryption

Malware experts have not been able to reach a consensus as to what method is employed in the propagation of the REvil Ransomware. It is largely believed that the authors of the REvil Ransomware may be using some of the most common techniques to spread this file-locking Trojan – bogus application updates, infected pirated software downloaded from unofficial sources, and spam emails, which contain corrupted attachments. If the REvil Ransomware manages to penetrate a system, it will begin the attack with a quick scan of the files present on the computer. The goal is to find and locate the files, which the REvil Ransomware was programmed to go after. Then, the encryption process will be triggered, and all the targeted files will be locked using an encryption algorithm. Upon locking a file, the REvil Ransomware adds an extension to its filename, which consists of uniquely generated random string for each victim, for example ‘.294l0jaf59.’ This means that once a file, which was originally named ‘kitty-litter.jpg’ undergoes the encryption process of the REvil Ransomware, its name will be altered to ‘kitty-litter.jpg.294l0jaf59.’

The Ransom Note

The next phase is the dropping of the ransom note. The REvil Ransomware’s note will be named ‘294l0jaf59-HOW-TO-DECRYPT.txt’ if we carry on with the example of the uniquely generated extension for earlier. The ransom message reads:

’--=== Welcome. Again. ===---

[+] Whats Happen? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 686l0tek69.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: hxxps://
b) Open our website: hxxp://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/913AED0B5FE1497D

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website:

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:


Extension name:


!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!’

The attackers demand $2500 in Bitcoin as a ransom fee. However, if the sum is not paid within 72 hours, it doubles to $5000.

The sum demanded by the authors of the REvil Ransomware is pretty hefty, and we would advise you strongly against paying up and giving in to any demands made by cybercriminals like the ones responsible for this data-locking Trojan. A wiser option would be to make sure you download and install a reputable anti-virus software suite, which would keep your system secure from threats like the REvil Ransomware.

Do You Suspect Your PC May Be Infected with REvil Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like REvil Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.