Bitdefender, a Romanian cybersecurity firm, has published a universal decryptor that lets past victims of the REvil ransomware gang recover their encrypted files. REvil (also tracked as Sodinokibi) has been one of the most prolific ransomware operations of the last two years, responsible for high-profile attacks such as the JBS Foods incident and the Kaseya supply-chain attack, which had a huge impact across the business world.
Bitdefender previously released a decryptor that helped victims of the GandCrab ransomware.
The universal decryptor covers victims encrypted by REvil before July 13th, 2021, provided they still have copies of the encrypted files. According to the firm’s research blog, the tool was developed in collaboration with a “trusted law enforcement partner”; Bitdefender says it cannot elaborate further because of an ongoing law enforcement investigation.
“Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner. Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.”
(via Bitdefender’s research blog)
What is the universal decryptor?
As noted above, REvil has been very active over the last two years. Shortly after the Kaseya attack over the July 4th holiday weekend, around July 13th, all of REvil’s web infrastructure went offline without explanation. Many attributed the shutdown to indirect threats from US law enforcement and the political pressure applied by the White House and the Biden administration.
Sites associated with REvil, including its infamous ‘Happy Blog’ leak site, its payment portal and its profiles on dark web forums, were all found to be offline. Because the gang’s entire digital infrastructure vanished abruptly, victims encrypted before that date could not recover their files even if they were willing to negotiate a ransom. The payment portal and the Happy Blog have since come back online along with new dark web forum profiles, and new REvil intrusions have already been reported by Avast and AdvIntel.
Multiple sources report that the main reason for REvil’s roughly two-month hiatus was the disappearance of one of its operational leaders, known as ‘Unknown’ (also ‘UNKN’). The Russian news outlet Lenta offers a different account, citing a “Russian hacker” who claims to collaborate with the gang:
“He called political reasons the main reason for their departure into the shadows. This refutes the claims of the REvil members themselves, who explained the short-term absence as simple precautions after the disappearance of one of the members of the community.”
(via Lenta)
Bitdefender, for its part, believes further REvil attacks are likely now that the gang’s servers are back up and running, which is why it considered it essential to release the universal decryptor before the investigation concludes, so that as many victims as possible can be helped.
The universal decryptor for past REvil victims is available free of charge from Bitdefender.