Free REvil ransomware decryptor released for past victims

Daniel Sims

What just happened? This week security company Bitdefender, collaborating with law enforcement, released free software to help victims of REvil—the ransomware behind the Kaseya attack in July. After appearing to go on hiatus over the summer, the group behind the ransomware has reemerged.

Bitdefender can't say which law enforcement agencies it's working with because the investigation into REvil is ongoing. It can't reveal details until its lead partner in the case advises it, but in a statement, the company said it determined it should release the decryptor as soon as possible to help those hit by REvil ransomware.

Bitdefender claims the universal decryptor can unlock the files on any system that REvil encrypted before July 13 of this year, which is when the group went dark. REvil's apparent disappearance worried Bitdefender because it meant victims who hadn't paid a ransom to get a decryptor now had no way to get one. REvil's payment site, along with all its other sites on the dark web, had gone offline.

Last week an analyst for security company Emsisoft noted REvil's blog was back online. Then today, they reported REvil's announcement that it had hit a new victim. Bitdefender said it thinks new attacks are imminent, suggesting organizations stay on high alert.

On July 2, REvil hit remote management and IT platform Kaseya, and through it, hundreds of businesses worldwide. It then offered to release a universal decryptor for a record ransom of $70 million in Bitcoin.

President Joe Biden instructed US intelligence agencies to investigate the attack, later saying that the damage to US businesses appeared to be minimal. The agencies could not determine whether the Russian government was directly responsible.

For those that need it, Bitdefender has instructions on how to download and use the decryptor on its website.

Image credit: Christiaan Colen, CC BY-SA 2.0
