Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender

September 16, 2021


**Update: September 20, 2021**

We are glad to report that hundreds of victims and counting have been able to decrypt their data. We also wanted to report that we resolved an issue that could affect a small subset of victims using the decryptor in a particular setting. We immediately reconfigured the decryptor and delivered an update within hours. Victims using all encryption modes can safely decrypt their data.


Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi. Created in collaboration with a trusted law enforcement partner, this tool helps victims encrypted by REvil ransomware to restore their files and recover from attacks made before July 13, 2021.

On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets.

Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner. Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.

We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online following a two-month hiatus. We urge organizations to be on high alert and to take necessary precautions.

Who is REvil/Sodinokibi?

REvil is a Ransomware-as-a-Service (RaaS) operator likely based in a Commonwealth of Independent States (CIS) country. It emerged in 2019 as a successor of the now-defunct GandCrab ransomware and is one of the most prolific ransomware operations on the dark web; its affiliates have targeted thousands of technology companies, managed service providers and retailers around the world.

After successfully encrypting a business’s data, REvil affiliates demand large ransoms of up to US $70 million in exchange for a decryption key and the assurance that they will not publish the internal data exfiltrated during the attack.

Ransomware continues to gain popularity throughout 2021 and remains a favored attack threatening organizations of all sizes in all industries.

Download the REvil Decryption Tool

Victims of REvil ransomware can download the new decryption tool for free to recover their data.

Download the REvil decryptor

A step-by-step tutorial on how to use the REvil decryption tool is available here.
