Revil ransomware gang (aka Sodinokibi)

On its official blog accessible via Tor browser, as seen by, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant.

SEE: Police just seized DoubleVPN – Bad news for ransomware gangs

As proof of its hack, the group has also shared screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM, and OCU, etc.

It is worth noting that at the time of publishing this article; MasMovil had acknowledged the ransomware attack however, there was no demand for ransom from the Revil gang.

Spanish telecom giant MasMovil hit by Revil ransomware gang

Screenshots published by the Revil group (Image:

The attack structure of the Revil ransomware operator follows the same modus operandi as other ransomware groups such as breaching the security of its target, stealing data and locking the files on the victim’s system and demand ransom payment for decrypter key/tool.

Revil means bad news

For those unaware of Revil’s activities; the group is known for targeting high-profile businesses and organizations. For instance, on June 15th, 2021, Revil claimed to breach US nuclear weapons contractor Sol Oriens.

The same group was also behind the breach against Apple supplier Quanta in April 2021 while earlier in March this year the ransomware operators targeted technology giant Acer and demanded a ransom of $50 million. 

How big is MasMovil in Spain?

As for MasMovil; the telecom operator is big in Spain. The Group’s fixed network reaches 18 million households with ADSL and close to 26 million with optical fiber. Its 4G mobile network covers 98,5% of the Spanish population.

The company also owns brands like Yoigo, Pepephone, Llamaya, Lebara. It is unclear what is next for MasMovil. Nevertheless, is keeping an eye on the situation and will be updating this article accordingly.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Posted by Charlie