Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
**Update: September 20, 2021
We are glad to report that hundreds of victims and counting have been able to decrypt their data. We also wanted to report that we resolved an issue that could affect a small subset of victims using the decryptor in a particular setting. We immediately reconfigured the decryptor and delivered an update within hours. Victims using all encryption modes can safely decrypt their data.
Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi. Created in collaboration with a trusted law enforcement partner, this tool helps victims encrypted by REvil ransomware to restore their files and recover from attacks made before July 13, 2021.
On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets.
Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner. Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.
We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two month hiatus. We urge organizations to be on high alert and to take necessary precautions.
Who is REvil/Sodinokibi?
REvil is a Ransomware-as-a-Service (RaaS) operator likely based in a Commonwealth of Independent States (CIS) country. It emerged in 2019 as a successor of the now-defunct GandCrab ransomware and is one of the most prolific ransomware on the dark web as affiliates have targeted thousands of technology companies, managed service providers and retailers around the world.
After successfully encrypting a business’ data, REvil affiliates demand large ransoms up to US $70 million in exchange for a decryption key and the assurance they will not publish the internal data exfiltrated during the attack.
Ransomware continues to gain popularity throughout 2021 and remains a favored attack threatening organizations of all sizes in all industries.
Download the REvil Decryption Tool
Victims of REvil ransomware can download the new decryption tool for free to recover their data.
A step-by-step tutorial on how to use the REvil decryption tool is available here.
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
December 06, 2022
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild
October 05, 2022
A Red Team Perspective on the Device42 Asset Management Appliance
August 10, 2022
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021