The cybersecurity company Bitdefender has released a free tool to decrypt files that have been encrypted with the infamous REvil ransomware.
REvil / Sodinokibi ransomware decryption program
Victims of the well-known REvil / Sodinokibi ransomware now have reason to celebrate, as they can access their files again.
Cybersecurity company Bitdefender announced that it had successfully developed a tool to decrypt files encrypted by the REvil / Sodinokibi ransomware and return them to their original state.
According to the announcement, Bitdefender received support from a “trusted law enforcement partner”. The company explains that it cannot provide further details until it has proper authorization. It is important to note that international investigation agencies are still working to catch members of the organization that developed this ransomware.
The decryption tool is available for free and can be downloaded from the Bitdefender website. The software is not a miraculous holy grail against ransomware, but it has proven itself, although it cannot fight all versions of the ransomware.
Bitdefender claims that this tool works for versions developed before July 13, 2021. This is especially useful for victims who wanted to pay but could not regain access to their files because the group withdrew in mid-July this year, probably because governments, especially the USA, pushed harder against the group and the use of ransomware in general.
On July 13 this year, parts of the REvil group disconnected, and infected victims who had not paid the ransom could not recover their encrypted data. This decryption tool will now offer these victims the opportunity to take back control of their data and assets.
What is ransomware and why is this tool so important?
Ransomware is a malicious program that encrypts content stored on your computer and prevents access to any file. Because it uses cryptography, a key is needed to decrypt the files. This can only be achieved by paying the ransom to the group responsible for the attack, usually in BTC or Monero.
The difficulty of tracing cryptocurrency transactions helped ransomware spread, to the point that REvil sold its tool to other criminals. Victims of ransomware include Colonial Pipeline, Kia Motors, CD Projekt Red and the Irish Health Service Executive (HSE).
The seriousness of this phenomenon has led to its classification in the same category as terrorism.
REvil is believed to be based in Russia, so the case had a special diplomatic component. In July 2021, US President Joe Biden told the media that he had spoken to Russian President Vladimir Putin and called for more proactive measures to stop ransomware attacks, especially those coming from Russia.
“I made it clear to him that the United States expects that when ransomware comes from its country, even though it is not sponsored by the state, we expect it to act if we provide them with enough information.”
To download the decryption tool, you can follow the instructions in this guide.