Cybersecurity company Bitdefender has developed a universal decryption key for anyone who has been a victim of REvil in the past. This decryptor doesn’t just work for the supply chain attack on Kaseya: companies and organizations that were victims of the Russian hacker group before July 13 can use the key to unlock their files. Despite the fact that the decryptor is available for free, security experts warn to be careful.
This is REvil in a nutshell
REvil, also known as Sodinokibi, is a hacker group that attacks foreign companies and powers with ransomware from Russia. Ransomware is malicious software used for extortion. Hackers use it to lock the victim’s own staff out of their computer systems. They can also use it to steal privacy-sensitive and confidential company and personal data and to put important data under lock and key. Only when the victim pays the ransom does he get the key that lets him access his files again. Such a key is also called a decryptor or decryption key.
REvil has been active since 2019. The group is said to have close ties to the Russian intelligence service GRU. Russian security officials reportedly direct the group to attack specific targets.
Over the years, REvil has claimed all kinds of victims, including Travelex, Brown-Forman Corporation, Acer, and Quanta Computer. This year alone, meat processor JBS, energy company Invenergy and ICT service provider Kaseya fell prey to the Russian hackers.
Kaseya receives universal decryptor
The attack on Kaseya caused a lot of misery worldwide. REvil exploited a zero-day vulnerability in the Virtual System Administrator (VSA) software. Service providers use this program to remotely manage their customers’ computer systems and servers. The vulnerability allowed the hackers to install ransomware undetected. This happened at about 1,500 companies and organizations worldwide, including some in the Netherlands.
Shortly after the attack, REvil made itself heard. The hacker collective asked $70 million for the decryption key. “Everyone can then recover from the attack within an hour,” the attackers promised. The ransom for this decryptor was never paid. Instead, Kaseya received a universal decryption key from an unknown party. This gave all victims back control of their systems and files free of charge.
Bitdefender develops universal decryptor for victims before July 13
In mid-July, something unexpected happened: REvil seemed to have disappeared from the face of the earth. Its websites on both the dark web and the regular web spontaneously went dark. The help desk was also no longer available. And the hacker Unknown, who acts as the mouthpiece of the group, was banned from the hacker forum XSS.
Companies that had been attacked by REvil suddenly found themselves with a problem. They could no longer log into the hackers’ sites. Negotiating or paying the ransom was therefore impossible. There is now a solution for these victims. Together with a ‘trusted law enforcement officer’, cybersecurity firm Bitdefender has developed a universal decryption key. Anyone attacked by REvil before July 13 can use this key to regain access to their data.
Why REvil disappeared out of nowhere is still a mystery. However, the disappearing act was short-lived. Last week and this week, members of the group claimed new victims. So it is crystal clear that REvil is back.
‘New REvil ransomware attacks on the way’
Bitdefender says the investigation into REvil’s ransomware attacks is still ongoing. As a result, the cybersecurity company cannot provide details or make any announcements about the matter. In order to help as many victims as possible as quickly as possible, the company decided to release the universal decryptor right away. You can download the universal decryption key for free from Bitdefender’s website.
The fact that the key is available to everyone is, of course, good news. Still, Bitdefender employees warn us to be vigilant in the near future. “We believe new REvil attacks are on the way after the ransomware gang’s servers and supporting infrastructure recently came back online after a two-month hiatus. We urge organizations to be very vigilant and take the necessary precautions,” the cybersecurity company said.