Bitdefender Releases Tool To Decrypt Files Affected by REvil/Sodinokibi Ransomware

How did the hacker escape the police? He Ransomware.

Jokes aside, the victims of the infamous REvil/Sodinokibi ransomware now have a reason to celebrate, as they can have access to their files again.

A few hours ago, the cybersecurity company Bitdefender announced that it successfully developed a tool to decrypt files altered by the REvil/Sodinokibi ransomware, restoring them to their original state.

The Infamous REvil/Sodinokibi Now Has a Cure

According to the announcement, Bitdefender received support from a “trusted law enforcement partner.” The company explains that it cannot provide further details unless and until it has the proper authorization. It is important to note that international investigative agencies are still working to apprehend members of the organization that developed this ransomware.

The decryption tool is available for free and can be downloaded from the Bitdefender website. The software is not some miraculous anti-ransomware holy grail, but it has proven effective even if it cannot combat all versions of the ransomware.

Bitdefender claims that the tool works for versions developed before July 13, 2021. This is especially useful for victims who wanted to pay but could not access their files because the group went into the shadows in mid-July of this year, probably because governments, especially the US, were pushing harder against the group and the use of ransomware in general.

On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets.

What Is Ransomware and Why Is This Tool So Important?

Ransomware is a malicious program that encrypts the content stored on a computer, making it impossible to access any file. As it uses cryptography, a key is needed to decrypt the files. This can only be obtained by paying a ransom to the group responsible for the attack, usually in Bitcoin or Monero.

The difficulty in tracking crypto transactions helped ransomware spread so much that the REvil group mutated into a Ransomware-as-a-Service business, selling its tool to other criminals. Ransomware victims include the Colonial Pipeline, Kia Motors, CD Projekt Red and Ireland’s Health Service Executive (HSE).

The seriousness of this phenomenon has led the United States to place it in the same category as terrorism.
REvil is believed to be located in Russia, so the case had a special diplomatic component: in July of 2021, US President Joe Biden told the media that he had spoken with the president of Russia, Vladimir Putin, and demanded more proactive action to stop ransomware attacks, especially those coming from Russia.

“I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,”

To download the decryption tool, you can follow the instructions in this guide.