17 September 2021

Free REvil/Sodinokibi ransomware universal decryptor released



Romanian cybersecurity firm Bitdefender has released a free universal decryptor for victims of REvil/Sodinokibi ransomware. According to the researchers, the decryptor was developed in collaboration with “a trusted law enforcement partner”.

While Bitdefender did not say how it obtained the master decryption key or name the law enforcement agency involved, the firm said that the tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.

This is the date when REvil shut down its infrastructure after the group found itself at the center of attention of international law enforcement and the US authorities following a massive ransomware attack on Kaseya servers that took place in early July.

However, after several months of inactivity, the servers of the REvil ransomware gang came back online. According to the group’s new representative, who goes by ‘REvil’ online, the gang went on a break after its previous representative, known as ‘Unknown’, disappeared, prompting concerns that he had been arrested and that the servers had been compromised.

