Ames Computer Geeks Corner News Bitdefender Releases Universal Decryptor Key for REvil Ransomware NYC New York City North Bergen County

Bitdefender Releases Universal Decryptor Key for REvil Ransomware

The Accordion system converts ordinary external HD into a NAS box and enables you to backup data using any usb based storage device whether it is RAID, SATA, ATA, IDE, SSD, or even CF-card. Accordion backup appliance is a self contained device that can utilize any external storage for backing up data. You can utilize existing excess storage on existing workstations or servers. You can use existing NAS storage or you can use any usb based storage device. Accordion is agnostic when it comes to where it backs up to or what technology is used for backup.

Bitdefender is releasing a free, universal decryptor key to decrypt data that were encrypted by REvil/Sodinokibi ransomware attacks before the gang's servers went dark on July 13. The firm announced that it's releasing the universal key for free on Thursday, just days after REvil servers went back online again. Bitdefenderd was working with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil servers went down. For REvil victims, it will give them the ability to regain access to their data. This anouncement is different from when REvil victim Kaseya got its hands on a master key. The key obtained by Kaseya was first thought it could unlock all of the REvil attacks that occurred at the same time as the Kaseya one. Unfortunately, the decryptor was only for the files locked in the Kaseya attack.

Bitdefender didn't give details on how it developed the key, beyond saying that it was created "in collaboration with a trusted law enforcement partner". Bitdefender stated that there is an ongoing investigation and they couldn't comment on details related to it until authorized by the investigating, law enforcement partner. Bitdefender released the key because it believes that it is important to release the universal decryptor before the investigation is completed "to help as many victims as possible." When the REvil servers were shut down, it left infected victims unable to continue with negotiations and unable to get a decryptor key. The decryption tool that Bitdefender should help those victims to get back their data.

When it comes to decryption keys, REvil, as well as other RaaS groups, uses a key hierarchy. Yelisey Boguslavskiy, head of research at Advanced Intelligence, explained that each RaaS affiliate can get their own key to unlock the victim if the victim pays. But that key will only work for that specific victim. That's why the key that Kaseya got wouldn't work to unlock other REvil victims. There's also a universal key owned by the core team for a set of victims. That universal key can cover multiple networks and workstations. Then there is anmaster key used by top RaaS leadership. The master key can unlock any victim. The master key is the one that Bitdefender is offering. The key will unlock any victim unless REvil redesigned their entire malware set.

Victims of REvil ransomware can download the decryption tool for free to recover their data here. A step-by-step tutorial on how to use the REvil decryption tool is available as a pdf here.