What happened? This week, security firm Bitdefender, in conjunction with law enforcement, released a free tool to help victims of REvil, the ransomware behind the Kaseya attack in July. The gang behind the ransomware has apparently resurfaced after a summer break.
Bitdefender has not been able to say which law enforcement agency it is working with because the investigation into REvil is ongoing. It could not reveal the details until advised by the lead partner in the case, but in a statement it said it had decided to release the decryption tool as soon as possible to help people affected by the REvil ransomware.
Bitdefender claims that the universal decryptor can decrypt files on any system that was encrypted by REvil prior to July 13 this year, when the group went dark. The apparent disappearance of REvil worried Bitdefender because it meant that victims who had not paid the ransom to receive the decryptor now had no way of obtaining it. REvil's payment site, along with others on the dark web, was offline.
Last week, security analysts at Emsisoft noted that the REvil blog was online again. Then they announced today that REvil has claimed a new victim. Bitdefender said it believes new attacks are imminent and advises organizations to remain on high alert. (pic.twitter.com/ESWcNvHj9G, BrettCallow, September 16, 2021)
On July 2, REvil attacked Kaseya's remote management and IT platform, and through it, hit hundreds of companies around the world. A global decryptor was then offered for a record ransom of $70 million in bitcoin.
President Joe Biden ordered US intelligence agencies to investigate the attack, and later said the damage to American jobs appeared minimal. They cannot determine whether the Russian government is directly responsible.
Free REvil Ransomware Decoder Released for Previous Victims