Hundreds of victims, and counting, have successfully decrypted their data, which is good news. We also want to let you know that we fixed a problem that might have affected a limited number of victims who were using the decryptor in a specific situation. We promptly changed the decryptor’s configuration, and within hours we sent out an update. Victims can safely decrypt all encryption modes.
Bitdefender announced the release of a universal decryptor for REvil/Sodinokibi. This solution, developed in partnership with a trusted law enforcement partner, helps those whose files have been encrypted by the REvil ransomware recover from attacks that occurred before July 13, 2021.
Parts of REvil’s infrastructure went offline on July 13 of this year, leaving infected victims who hadn’t paid the ransom unable to decrypt their data. This decryption tool now gives those victims the option to regain control of their data and assets.
As this is an ongoing investigation, we must wait for permission from the lead investigating law enforcement partner before making any statements about the specifics of the case. Both sides agree that it’s critical to make the universal decryptor available before the investigation is finished in order to assist as many victims as possible.
After a two-month hiatus, the ransomware gang’s servers and accompanying infrastructure recently came back online, leading us to anticipate that additional REvil attacks are soon to follow. We urge organizations to exercise extreme vigilance and be on high alert.
REvil/Sodinokibi: What Is It?
REvil is a ransomware-as-a-service (RaaS) provider that most likely has its headquarters in a CIS nation. It first appeared in 2019 as a replacement for the now-defunct GandCrab ransomware. With affiliates targeting thousands of technology companies, managed service providers, and retailers globally, it is one of the most widespread ransomware families on the dark web.
Once a company’s data has been encrypted, REvil affiliates demand high ransom payments of up to US $70 million in return for a decryption key and the promise that they won’t release the internal data that was stolen during the attack.
Through 2021, ransomware will continue to grow in popularity and be a common attack that threatens businesses of all sizes and across all sectors.
Get the REvil Decryption Tool now.
The new decryption tool is available for free download by REvil ransomware victims who want to restore their data.