This paper goes into detail about the REvil ransomware variant and its operators to provide an in-depth look at how it begins its infection chain and why.
Ransomware: Getting Started Guide and Deep Dive into REvil
This paper goes into detail about the REvil ransomware variant and its operators to provide an in-depth look at how it begins its infection chain and why. The paper also covers publicly available information on REvil’s cyber-attacks that targeted industries in the healthcare sector, and why it matters. The paper consists of two main parts. Sections 2 and 3 document the REvil malware’s operation in the flow of a typical operation, based upon observations documented in the MITRE ATT&CK® Framework, additional public threat reporting, and some internal analysis in the MITRE Lab. Section 4 reviews these adversary behaviors from the perspective of a defender, giving guidance on how cyber practitioners could detect and protect against such a threat.
For additional information and resources, visit https://healthcyber.mitre.org.