New Delhi, Oct. 11 -- Episode 1: What the Code Tells Us

McAfee's Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around the same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story?

In this series of blogs, we share fresh analysis of Sodinokibi and its connections to GandCrab.

- Episode 1: What the Code Tells Us

- Episode 2: The All-Stars

- Episode 3: Follow the Money

- Episode 4: Crescendo

In this first installment, we share our extensive malware and post-infection analysis and visualize exactly how big the Sodinokibi campaign is.

Background

Since its arrival in Apri...