[TheRecord] Universal decryptor released for past REvil ransomware victims

Romanian cybersecurity firm Bitdefender has published today a universal decryption utility that will be able to help past victims of the REvil (Sodinokibi) ransomware gang recover their encrypted files — if they still have them.

Made available through the company’s research blog, Bitdefender said the decryptor was developed “in collaboration with a trusted law enforcement partner.”

The company said it couldn’t elaborate more, citing an ongoing law enforcement investigation.

The tool can recover files encrypted during REvil attacks made before July 13, 2021, Bitdefender said.

That date marks when the REvil ransomware gang shut down its web servers, following veiled threats and political pressure applied by the White House on its Russian counterparts after the massive attack on Kaseya servers that took place during the July 4th holiday weekend.

Besides taking down servers that were used to orchestrate attacks, manage payment negotiations, and leak victim data, the gang also deleted profiles on dark web forums.

But on September 7, after a two-month hiatus, the group returned online. REvil operators spun up their old sites, created new profiles on forums, and within two days were carrying out new intrusions, according to Avast and AdvIntel.

#Sodinokibi / #REvil #ransomware is back and not just their sites. The latest variant from today: https://t.co/V6qq74UKMR pic.twitter.com/dpfoq0Oy6Y

— Jakub Kroustek (@JakubKroustek) September 9, 2021

A quick visual summary of recent #REvil development by @AdvIntel and our analyst Anastasia Sentsova pic.twitter.com/8gStc3qxVI

— Yelisey Boguslavskiy (@y_advintel) September 13, 2021

In posts on hacking forums, the REvil gang said their two-month-long downtime had been caused by the disappearance of Unknown, its public spokesperson and one of the operation’s leaders. However, in an interview with Russian news outlet Lenta, one of REvil’s former collaborators (known as an affiliate) said that in reality the group had only taken a break, citing “political reasons.”

Citing REvil’s return, Bitdefender said that they and law enforcement officials believed it was “important to release the universal decryptor before the investigation is completed to help as many victims as possible.”

This is not Bitdefender’s first dance with the REvil gang, either. In June 2019, the security firm also released decryption utilities for the GandCrab ransomware, the initial ransomware operation from which the REvil gang evolved.

The post Universal decryptor released for past REvil ransomware victims appeared first on The Record by Recorded Future.
