New REvil-Based Ransomware Emerges


Also known as Sodinokibi, REvil has become one of the most prominent ransomware families out there, being involved in a large number of high-profile attacks, including the one on JBS, the world’s largest meat processing company.

REvil is offered by an Eastern Europe/Russia-based threat actor tracked as PINCHY SPIDER, known for a ransomware-as-a-service (RaaS) business that previously involved the GandCrab ransomware. GandCrab was retired in June 2019, two months after REvil emerged.

On Tuesday, security researchers with Secureworks, which tracks REvil’s operators as GOLD SOUTHFIELD, revealed that a new ransomware family that is making the rounds appears to be nothing more than a repurposed REvil iteration created by a threat actor referred to as GOLD NORTHFIELD.