The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.
Organizations that have been compromised by REvil ransomware can now download and run a free tool to decrypt their hijacked files. In a blog post published Thursday, security firm Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi ransomware attacks. Revealing that it created the tool in partnership with a trusted law enforcement entity, Bitdefender said the decryptor is designed to help victims of this strain of ransomware recover any encrypted files from attacks that occurred before July 13, 2021.
Affected organizations can download the decryptor directly from a link at the end of Bitdefender’s blog post. A link to a step-by-step tutorial on how to use the decryption tool is available from the same post.
Once installed, the tool scans an entire computer or a specific folder for encrypted files and then decrypts any that it finds. You can install and run the tool on a single computer. Alternatively, you can run it silently across your network or on a remote machine via a command line process.
Bitdefender did not reveal much about its involvement with the tool, noting that the matter concerns an ongoing investigation and that it can’t disclose any details until authorized by the lead investigating law enforcement partner. But it said that both parties felt it essential to release the decryptor before the investigation is completed in order to help as many victims as possible.
After launching a series of vicious ransomware attacks since 2019, the criminals behind the REvil/Sodinokibi ransomware staged one of their most notorious capers. On July 3, enterprise IT firm Kaseya revealed a successful cyberattack against its VSA product, a program used by Managed Service Providers (MSPs) to remotely monitor and administer IT services for customers. Given the supply chain nature of Kaseya’s business, more than 1,000 businesses around the world saw their data encrypted as a result of the attack.
Proudly taking credit for the crime, REvil claimed on its “Happy Blog” that more than 1 million systems had been infected. The gang also devised an interesting offer that would affect all victims of its ransomware. In exchange for $70 million worth of bitcoin, REvil would provide a universal decryptor with which all affected companies could recover their files.
A few weeks later, Kaseya announced that it had obtained a universal decryptor key for recent victims of REvil. The company did not reveal any details as to how or where the decryptor was obtained other than to say that it came from a trusted third party.
But in another twist to this saga, about a week before Kaseya came up with the universal decryptor, REvil went off the grid. The group’s Happy Blog went offline, as did its payment and negotiation site. The disappearance of the latter actually left victims in a lurch, as they no longer had a clear way to deal with the gang or pay the ransom if they chose to do so.
“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data,” Bitdefender said in its post. “This decryption tool will now offer those victims the ability to take back control of their data and assets.”
But the story is far from over. Last week, REvil appeared to come back to life following a two-month break. Both the Happy Blog and the payment and negotiation site popped up online once again. Whether or not this means the group is back in business is unknown. But the folks at Bitdefender advise people not to let their guard down.
“We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month hiatus,” Bitdefender said. “We urge organizations to be on high alert and to take necessary precautions.”