BKA Identifies Key Figures Behind REvil Ransomware Operation

Germany’s Federal Criminal Police Office (BKA) identified the real identities of two key figures linked to the defunct REvil (Sodinokibi) ransomware-as-a-service (RaaS) operation. One individual, operating under the alias "UNKN," acted as a group representative and advertised the ransomware on the XSS cybercrime forum in June 2019. The BKA attributed 130 ransomware attacks in Germany to the REvil group. No additional technical details, specific dates of the attacks, or identities of the threat actors were disclosed in the report.