Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi. Created in collaboration with a trusted law enforcement partner, this tool helps victims encrypted by REvil ransomware to restore their files and recover from attacks made before July 13, 2021.
On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets.
Please note this is an ongoing investigation and we can’t comment on details related to this case until authorized by the lead investigating law enforcement partner. Both parties believe it is important to release the universal decryptor before the investigation is completed to help as many victims as possible.
We believe new REvil attacks are imminent after the ransomware gang’s servers and supporting infrastructure recently came back online after a two month hiatus. We urge organizations to be on high alert and to take necessary precautions.
Who is REvil/Sodinokibi?
REvil is a Ransomware-as-a-Service (RaaS) operator likely based in a Commonwealth of Independent States (CIS) country. It emerged in 2019 as a successor of the now-defunct GandCrab ransomware and is one of the most prolific ransomware on the dark web as affiliates have targeted thousands of technology companies, managed service providers and retailers around the world.
After successfully encrypting a business’ data, REvil affiliates demand large ransoms up to US $70 million in exchange for a decryption key and the assurance they will not publish the internal data exfiltrated during the attack.
Ransomware continues to gain popularity throughout 2021 and remains a favored attack threatening organizations of all sizes in all industries.
Download the REvil Decryption Tool
Victims of REvil ransomware can download the new decryption tool for free to recover their data.