Romania-based cybersecurity firm Bitdefender has released the much-awaited universal decryptor for REvil ransomware victims in collaboration with an undisclosed but trusted law enforcement partner.
Bitdefender has released a free, universal decryptor key for REvil ransomware that lets impacted organizations unlock data encrypted in REvil (aka Sodinokibi) attacks carried out before the infamous gang’s servers went belly-up on July 13th, 2021.
The company stated that all victims whose files or data were encrypted by the REvil ransomware may use the decryptor key to restore them.
“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets,” Bitdefender’s official announcement read.
If you are a victim of REvil ransomware, you can download the new decryption tool free of charge to recover your data.
REvil Reemerges After Kaseya Attacks
The announcement from Bitdefender comes mere days after REvil resurfaced in September, carrying out extortion-based DDoS attacks on two United Kingdom-based ISTPs.
It is worth noting that in July 2021, REvil went offline after orchestrating the notorious attacks on Kaseya, targeting thousands of MSPs (managed service providers). After this incident, its assets on the World Wide Web and the Dark Web went offline.
Last week, after the gang had remained offline for two months, an alleged rep of the gang contacted members on Exploit, a Russian-language cybercrime forum, and claimed that the group was about to resume its activities.
Bitdefender Hasn’t Shared the Details Yet
The cybersecurity firm hasn’t shared details on how it developed the decryptor key and only revealed that a law enforcement partner helped it achieve this feat. Since the investigation is still ongoing, the company refrained from disclosing details of the process.
“Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner. Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible,” Bitdefender’s press release stated.
You can download the REvil decrypter by clicking here (direct download on your Windows device).
A guide on how to use the REvil decryption tool is available here [PDF].
REvil is one of the most dangerous ransomware-as-a-service (RaaS) operators, supposedly based in a Commonwealth of Independent States (CIS) country.
The gang emerged in 2019 after the now-defunct GandCrab ransomware and quickly made a name for itself on the Dark Web, targeting thousands of MSPs, tech firms, and retailers worldwide and demanding as much as $70 million from its victims after encrypting data.