A free REvil ransomware decryptor has been made available online. It would unlock all files corrupted and encrypted by the hacker group before July 13.
Bitdefender. however, warned that new REvil ransomware attacks are imminent. With that, yhey hope the Bitdefender decryptor would help as many victims as possible.
REvil is a Ransomware-as-a-Service (RaaS) operation, where cybercriminals hack into a system and encrypt its stored data. The data is held for ransom, with REvil affiliates demanding millions for ransom. The money is taken in exchange for a decryption key and the assurance that data hacked will not go into public.
Note, however, that transactions with cybercriminals are never secure. Hackers rarely keep their promises, even if the money gets paid. So victims are recommended to cut their losses and disconnect immediately when they get attacked.
After the Kaseya Ransomware attack 2021, ransomware strategies exploded with popularity among cybercriminals.
How to Download Bitdefender Decryptor: Full Guide
The cybersecurity company Bitdefender worked together with a confidential but trusted law enforcement partner to investigate REvil attacks. With their initial findings, Bitdefender developed a universal decryptor tool to help restore or recover files attacked before July 13.
The universal decryptor is free and open for download to any interested users. Here are the steps you should follow:
- Click on this link to "Download the REvil decryptor." Save it on your computer
- When a User Account Control asks for permission, click "Yes"
- Check the "I agree with the terms of use" for its License Agreement and "Continue"
- When the Bitdefender app opens, users are recommended to check "Scan entire system" and "Backup files"
- Press "Scan"
- Users are recommended to "Overwrite existing clean files" under "Advanced options" to overwrite existing files with their decrypted equivalent
Complete this process to clean your device and documents from ransomware codes.
REvil Ransomware Attack 2021: More Attacks Coming
Techspot warned some more threates that could come in the future. Another REvil ransomware attack might happen at any time.
REvil is one of the most prolific and active ransomware group in the dark web. Their affiliates targeted thousands of technology companies and attacked services providers around the world. However, after its Kaseya attack, the group suddenly went dark. REvil's payment site and other accounts went offline on the dark web. This worried many cybersecurity organizations.
However, on September 8, Emsisoft threat analyst Brett Callow spotted REvil's website back online. The group advertised stealing sensitive information such as client's SSN, date of birth, financial information, and personal data.
By Wednesday, the REvil added a new victim to their list. The victim's name was kept confidential for privacy.
Analysts speculate that attacks might grow worse in these next few months. Users are recommended to be very careful on the internet.
To further boost device security, users are recommended four helpful tips in avoiding ransomware attacks.