[TheRecord] Universal decryptor released for past REvil ransomware victims

Romanian cybersecurity firm Bitdefender has published today a universal decryption utility that will be able to help past victims of the REvil (Sodinokibi) ransomware gang recover their encrypted files — if they still have them.

Made available through the company’s research blog, Bitdefender said the decryptor was developed “in collaboration with a trusted law enforcement partner.”

The company said it couldn’t elaborate more, citing an ongoing law enforcement investigation.

The tool can recover files encrypted during REvil attacks made before July 13, 2021, Bitdefender said.

The date is when the REvil ransomware gang shut down its web servers following veiled threats and political pressure applied by the White House on its Russian counterparts following the massive attack on Kaseya servers that took place during the July 4th holiday weekend.

Besides taking down servers that were used to orchestrate attacks, manage payment negotiations, and leak victim data, the gang also deleted profiles on dark web forums.

But on September 7, after a two-month hiatus, the group returned online. REvil operators spun up their old sites, created new profiles on forums, and within two days were carrying out new intrusions, according to Avast and AdvIntel.

#Sodinokibi / #REvil #ransomware is back and not just their sites. The latest variant from today: https://t.co/V6qq74UKMR

— Jakub Kroustek (@JakubKroustek) September 9, 2021

A quick visual summary of recent #REvil development by @AdvIntel and our analyst Anastasia Sentsova

— Yelisey Boguslavskiy (@y_advintel) September 13, 2021

In posts on hacking forums, the REvil gang said their two-month-long downtime had been caused by the disappearance of Unknown, its public spokesperson and one of the operation’s leaders. However, in an interview with Russian news outlet Lenta, one of REvil’s former collaborators (known as an affiliate) said that in reality the group had only taken a break, citing “political reasons.”

Citing REvil’s return, Bitdefender said that they and law enforcement officials believed it was “important to release the universal decryptor before the investigation is completed to help as many victims as possible.”

This is not Bitdefender’s first dance with the REvil gang, either. In June 2019, the security firm also released decryption utilities for the GandCrab ransomware, the initial ransomware operation from which the REvil gang evolved.

The post Universal decryptor released for past REvil ransomware victims appeared first on The Record by Recorded Future.
