First identified in 2019, Sodinokibi (also known as REvil or Evil Ransomware) was developed in a private operation - as ransomware-as-a-service (RaaS). The RaaS distribution approach means that many people have had access to the ransomware code, resulting in a wide range of variants and increasingly aggressive attacks from a variety of vectors, including spam and server attacks. This makes it a particularly dangerous form of ransomware.