The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.
Image: Nature, Getty Images/iStockphoto
Organizations that were compromised by REvil ransomware can now download and run a free tool to decrypt their hijacked files. In a blog post published Thursday, security firm Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi ransomware attacks. Revealing that it created the tool in partnership with a trusted law enforcement entity, Bitdefender said the decryptor is designed to help victims of this brand of ransomware recover any encrypted files from attacks that occurred before July 13, 2021.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
Affected organizations can download the decryptor directly from a link at the end of Bitdefender’s blog post. A link for a step-by-step tutorial on how to use the decryption tool is accessible from the same post.
After installation, the tool scans an entire computer or a specific folder for encrypted files. It then decrypts any such files that it finds. You can install and run the tool on a single computer. Alternatively, you can run it silently across your network or on a remote machine through a command line process.
Bitdefender didn’t reveal much about its involvement with the tool, noting that this matter concerns an ongoing investigation and that it can’t disclose any details until authorized by the lead investigating law enforcement partner. But it said that both parties felt it important to release the decryptor before the investigation is finished in order to help as many victims as possible.
After launching a series of vicious ransomware attacks since 2019, the criminals behind the REvil/Sodinokibi ransomware staged one of their most infamous capers. On July 3, enterprise IT firm Kaseya revealed a successful cyberattack against its VSA product, a program used by Managed Service Providers (MSPs) to remotely monitor and administer IT services for customers. Given the supply chain nature of Kaseya’s business, more than 1,000 businesses around the world saw their data encrypted due to the attack.
Proudly taking credit for the crime, REvil claimed in its “Happy Blog” that more than 1 million systems had been infected. The gang also devised an interesting offer that would impact all victims of its ransomware. In exchange for $70 million worth of bitcoin, REvil would provide a universal decryptor through which all affected companies could recover their files.
A few weeks later, Kaseya announced that it had acquired a universal decryptor key for recent victims of REvil. The company didn’t reveal any details as to how or where the decryptor was obtained other than to say that it came from a trusted third party.
But in another twist to this saga, about a week before Kaseya came up with the universal decryptor, REvil went off the grid. The group’s Happy Blog went offline as did its payment and negotiation site. The disappearance of the latter actually put victims in a lurch as they no longer had a clear way to deal with the gang or pay the ransom if they chose to do so.
“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data,” Bitdefender said in its post. “This decryption tool will now offer those victims the ability to take back control of their data and assets.”
But the story is far from over. Last week, REvil appeared to come back to life following a two-month break. Both the Happy Blog and the payment and negotiation site popped up online once again. Whether or not this means the group is back in business is unknown. But the folks at Bitdefender advise people not to let their guard down.
“We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month hiatus,” Bitdefender said. “We urge organizations to be on high alert and to take necessary precautions.”
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
Also see
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
