Bitdefender releases REvil master decryptor

[Image: ID theft (Image credit: Future)]

Cybersecurity firm Bitdefender has made available a universal decryptor for the victims of the infamous REvil ransomware, which it has made in collaboration with an unidentified “trusted law enforcement partner.” 

The company says that all victims who’ve had their files encrypted by the REvil ransomware can use the decryptor to restore their files.  

The REvil gang mysteriously went offline a couple of months back, in July 2021, but has recently surfaced again on underground hacking forums.


“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets,” notes Bitdefender.

Capitalizing on a mistake

REvil went offline after orchestrating the Kaseya attacks back in July, when its properties on both the dark web and the regular web disappeared. The disappearance led to speculation that the group could have been hit by law enforcement agencies.

Bitdefender confirmed as much when it released the universal decryptor, pointing out that it can’t share more details about the tool or REvil’s operations because they are part of an “ongoing investigation.”

After being offline for about two months, an alleged representative of the gang started engaging with members on the Russian-language Exploit cybercrime forum last week, sharing details about the group’s apparent re-emergence.

Interestingly, the representative claimed that the law enforcement agencies were able to create the universal decryptor only because one of the REvil operatives accidentally generated the universal key, which was then sent along to a victim.

In any case, Bitdefender shared that it believes the gang is back, and urged businesses to be on high alert and take the necessary precautions.

Of course, the gang would have made the necessary changes to its infrastructure to ensure that Bitdefender’s universal decryptor doesn’t work for any new victims once it resumes its malicious activities.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.