REvil, which is also known as Sodinokibi, was first identified in April last year and is operated by the GOLD SOUTHFIELD threat group, according to the counter threat unit research team at Secureworks.
iTWire contacted Geidi on Tuesday, using the Web form on the company's site, the only means of contact available apart from a 1300 number. No response has yet been received.
A list of some of the files purloined from Geidi has been glimpsed by iTWire.
The company offers business solutions, IT support and infrastructure, and cloud computing facilities.
REvil operates in much the same manner as Maze; the people behind the software make a ransom demand and then wait to hear from the victim. If the ransom is not paid, then some of the data that has been pilfered during the attack is published.
As iTWire has reported, Maze hit the Australian freight forwarding and logistics firm Henning Harders earlier this month.
If a REvil victim is not persuaded by this, then more data is made public. Like Maze, REvil also posts data on underground forums for other miscreants to pick up and use for their own nefarious purposes.
The ransomware is able to exploit a 2018 vulnerability in Windows to elevate privileges, a flaw that Microsoft rates as important.
According to Secureworks, the first instances of REvil were delivered by exploiting vulnerabilities in Oracle WebLogic.
Since then, it has also added functionality to attack through malicious spam campaigns and remote desktop protocol attacks.