Bitdefender researchers released a free master decryptor for the REvil ransomware operation
Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation which could be used by past victims to recover their files for free.
The REvil gang hit the Kaseya cloud-based MSP platform on July 2nd which impacted MSPs and their customers. The gang initially compromised the Kaseya VSA’s infrastructure, then pushed out malicious updates for VSA on-premise servers to deploy ransomware on enterprise networks.
The ransomware gang demanded $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack.
However, the infrastructure and the websites used by the REvil ransomware gang were mysteriously unreachable from July 13th onwards. The Tor leak site, the payment website “decoder[.]re”, and their backend infrastructure went offline simultaneously.
Bitdefender developed the decryptor with the help of a law enforcement partner that provided the company decryption keys.
Using the universal decryptor for REvil/Sodinokibi, the files of the victims that were encrypted could be restored and recovered.
The researchers stated that they believe new REvil attacks might occur after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month break.
More details are not provided by the researchers as the investigation process is ongoing.
The victims of the group can download the decryptor from Bitdefender for free to recover their encrypted files. The researchers also published a step-by-step tutorial on how to use the REvil decryption tool.