REvil (aka Sodinokibi) is a ransomware-as-a-service operation known for breaching corporate networks using exploits, exposed remote desktop services, spam, and hacked Managed Service Providers. Researchers with Symantec’s Threat Intelligence team observed REvil operators scanning one of their victims’ networks for Point of Sale (PoS) servers. The attackers spread laterally while stealing data from servers and workstations, encrypting all the machines on the network after gaining administrative access to a domain controller.
Source: https://www.bleepingcomputer.com/news/security/revil-ransomware-scans-victims-network-for-point-of-sale-systems/

