Bitdefender offers free decryptor for REvil ransomware victims

2 years ago 340

The escaped decryption instrumentality volition assistance victims reconstruct their encrypted files from attacks made earlier July 13, 2021, says Bitdefender.

Cyber information    lock. Security machine  Data Internet extortion  with lock, cardinal  connected  microscheme chip. Hacker onslaught  and information  breach, accusation  leak concept.

Image: Nature, Getty Images/iStockphoto

Organizations that were compromised by REvil ransomware tin present download and tally a escaped instrumentality to decrypt their hijacked files. In a blog station published Thursday, information steadfast Bitdefender announced the availability of a cosmopolitan decryptor for REvil/Sodinokibi ransomware attacks. Revealing that it created the instrumentality successful concern with a trusted instrumentality enforcement entity, Bitdefender said the decryptor is designed to assistance victims of this marque of ransomware retrieve immoderate encrypted files from attacks that occurred earlier July 13, 2021.

SEE: Ransomware: What IT pros request to cognize (free PDF) (TechRepublic)

Affected organizations tin download the decryptor straight from a nexus astatine the extremity of Bitdefender's blog post. A nexus for a step-by-step tutorial connected however to usage the decryption instrumentality is accessible from the aforesaid post.

After installation, the instrumentality scans an full machine oregon a circumstantial folder for encrypted files. It past decrypts immoderate specified files that it finds. You tin instal and tally the instrumentality connected a azygous computer. Alternatively, you tin tally it silently crossed your web oregon connected a distant instrumentality done a bid enactment process.

Bitdefender didn't uncover overmuch astir its engagement with the tool, noting that this substance concerns an ongoing probe and that it can't disclose immoderate details until authorized by the pb investigating instrumentality enforcement partner. But it said that some parties felt it important to merchandise the decryptor earlier the probe is finished successful bid to assistance arsenic galore victims arsenic possible.

After launching a bid of vicious ransomware attacks since 2019, the criminals down the REvil/Sodinokibi ransomware staged 1 of their astir infamous capers. On July 3, endeavor IT steadfast Kaseya revealed a successful cyberattack against its VSA product, a programme utilized by Managed Service Providers (MSPs) to remotely show and administer IT services for customers. Given the proviso concatenation quality of Kaseya's business, more than 1,000 businesses astir the satellite saw their information encrypted owed to the attack.

Proudly taking recognition for the crime, REvil claimed successful its "Happy Blog" that much than 1 cardinal systems had been infected. The pack besides devised an absorbing connection that would interaction each victims of its ransomware. In speech for $70 cardinal worthy of bitcoin, REvil would supply a cosmopolitan decryptor done which each affected companies could retrieve their files.

A fewer weeks later, Kaseya announced that it had acquired a cosmopolitan decryptor key for caller victims of REvil. The institution didn't uncover immoderate details arsenic to however oregon wherever the decryptor was obtained different than to accidental that it came from a trusted 3rd party.

But successful different twist to this saga, astir a week earlier Kaseya came up with the cosmopolitan decryptor, REvil went disconnected the grid. The group's Happy Blog went offline arsenic did its outgo and dialog site. The disappearance of the second really enactment victims successful a lurch arsenic they nary longer had a wide mode to woody with the pack oregon wage the ransom if they chose to bash so.

"On July 13 of this year, parts of REvil's infrastructure went offline, leaving infected victims who had not paid the ransom incapable to retrieve their encrypted data," Bitdefender said successful its post. "This decryption instrumentality volition present connection those victims the quality to instrumentality backmost power of their information and assets."

But the communicative is acold from over. Last week, REvil appeared to travel backmost to life pursuing a two-month break. Both the Happy Blog and the outgo and dialog tract popped up online erstwhile again. Whether oregon not this means the radical is backmost successful concern is unknown. But the folks astatine Bitdefender counsel radical not to fto their defender down.

"We judge caller REvil attacks are imminent aft the ransomware gang's servers and supporting infrastructure precocious came backmost online aft a two-month hiatus," Bitdefender said. "We impulse organizations to beryllium connected precocious alert and to instrumentality indispensable precautions."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article