The Romanian information security company Bitdefender, in cooperation with law enforcement agencies, has developed a decryptor that allows all victims of the REvil group to recover their encrypted data for free. Although Bitdefender did not disclose how it obtained the decryption key, the company said the tool can recover data that was encrypted before July 13.
“As stated on our blog, we received the keys from a trusted law enforcement partner, and unfortunately this is the only information we can disclose at this time,” said Bogdan Botezatu, head of threat research and reporting at Bitdefender, as quoted by the source. He also noted that details of the case involving the REvil hackers may be disclosed once the law enforcement investigation is complete.
Currently, REvil victims whose data was encrypted before July 13 can download the decryptor from the official Bitdefender website and decrypt either all of their data or specific folders and files. The source notes that the tool has been tested and proven to work.
Most likely, law enforcement agencies managed to compromise the REvil servers and thereby obtained access to the key needed to decrypt the data. The REvil hackers became active in 2019 and have since carried out many successful attacks on companies around the world. Their latest large-scale campaign was the attack on Kaseya’s VSA remote administration service, which was turned into a ransomware distribution channel and damaged about 1,500 companies worldwide. The attack on the VSA service was carried out on July 2, and by July 13 the hackers had unexpectedly curtailed their operations and, until recently, showed no further activity.