From Intel471’s Malware Intelligence Team:
REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725.
REvil is highly configurable and allows operators to customize the way it behaves on the infected host.
Read their analysis on Intel471.