Free REvil Decryptor Launched

Written by

Antivirus vendor Bitdefender has launched a free universal decryption tool to help victims of REvil ransomware, also known as Sodinokibi.

The new tool, made available on Thursday, can restore many files impacted by the crypto-locking malware before July 13, 2021. However, the tool's instructions include the warning that "some versions" of REvil "are not yet decryptable."

REvil victims can download the tool and a step-by-step tutorial on how to use it via the Bitdefender website. The free decryptor is also from the No More Ransomware project, a public-private collaboration involving Europol, Dutch cybercrime law enforcement, and multiple private security firms.

Bitdefender said that the decryption tool was created with "a trusted law enforcement partner" while the investigation into REvil's criminal activities continues.

"Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner," Bitdefender said in a statement released September 16. 

"Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible."

REvil first came on the cybercrime radar as a Ransomware-as-a-Service (RaaS) operator in April 2019 and grew to become one of the most prolific ransomware gangs on the dark web. 

After successfully extorting millions of dollars from thousands of technology companies, retailers, and managed services providers worldwide, REvil's website went down earlier this year following a major supply-chain attack on IT software provider Kaseya.

"On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data," said Bitdefender.

"This decryption tool will now offer those victims the ability to take back control of their data and assets."

Bitdefender and its unnamed law enforcement partner suspect that more attacks from REvil could be about to occur. 

"We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month hiatus," said Bitdefender. "We urge organizations to be on high alert and to take necessary precautions."

What’s hot on Infosecurity Magazine?