REvil 2.2 Released with Persistence, Restart Manager Features, and Encryption of Locked or Open Files!

The REvil group continues to enhance REvil. Version 2.2 has a couple of new features identified by Intel 471. It supports encryption of open or locked files!

Persistence mechanism

REvil ransomware persists on a machine if the arn configuration field is set to true. It writes its path to the registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Run. An example of the value name of the registry key entry is mjOObKp0yy.
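For defenders, the Run-key persistence described above can be hunted for in collected `reg query` output. The following is an added example, not code from the original post or from Intel 471; the sample output, the baseline names and the random-name heuristic are constructed assumptions.

```python
import re

# Suffix match also covers the WOW6432Node view of the same Run key.
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# Hypothetical per-site baseline of expected autorun value names (assumption).
BASELINE = {"SecurityHealth", "OneDrive", "VMware User Process"}

# Constructed sample of `reg query <key>` output; hive and paths are illustrative only.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    PrinterHelper    REG_SZ    C:\Tools\printerhelper.exe
    mjOObKp0yy    REG_SZ    C:\Users\alice\Downloads\invoice.exe
"""

def parse_run_values(text):
    """Yield (key, name, data) for every value listed under a CurrentVersion Run key."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and key.lower().endswith(RUN_SUFFIX):
            m = VALUE_LINE.match(line)
            if m:
                yield key, m["name"], m["data"]

def looks_random(name):
    """Heuristic (assumption): a single token mixing upper case, lower case and an
    embedded digit, modelled on the one example name. Expect misses and false hits."""
    return bool(re.fullmatch(r"[A-Za-z0-9]{8,16}", name)
                and re.search(r"[a-z]", name)
                and re.search(r"[A-Z]", name)
                and re.search(r"\d[A-Za-z]", name))

def triage(text, baseline=BASELINE):
    """Return Run values missing from the baseline, random-looking names first."""
    findings = [{"key": k, "name": n, "data": d, "random_name": looks_random(n)}
                for k, n, d in parse_run_values(text) if n not in baseline]
    return sorted(findings, key=lambda f: not f["random_name"])

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The baseline comparison is the primary signal; the name heuristic only orders the results for review.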

Restart Manager to terminate processes

One of the more interesting new features of REvil version 2.2 is the use of the Windows Restart Manager to terminate processes and services that can lock files targeted for encryption.

For more info:

