Bitdefender has released a universal decryptor[1] for REvil/Sodinokibi victims infected before July 13, 2021.

In a statement, the cybersecurity company said it created the tool with "a trusted law enforcement partner" in an effort to help the many victims who had been infected with the ransomware. 

There are multiple REvil victims who either refused to pay[2] a ransom or paid a ransom but did not get working decryption keys[3] before the ransomware group went dark on July 13[4] following a massive July 4 attack on Kaseya[5], an IT solutions developer for MSPs and enterprise clients.

The group has since resurfaced[6] and leaked information about multiple victims, even announcing a new victim[7] on Thursday as Bitdefender rolled out its decryptor. 

Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet that they began seeing dozens of downloads of the decryptor as soon as they released it. The company has also been contacted privately by several victims who have been waiting for help since the emergence of the group. 

Botezatu noted that it is impossible to estimate how many victims REvil has managed to infect since 2019 because not all victims report infections or reach out for support.

When asked why the decryptor only works for victims infected before July 13 and not after, Botezatu said that he could not discuss specifics, but explained that the main difference is "related to the decryption keys that we have available from our trusted law enforcement partner."

"We have tested the tool against recent attacks and our tool cannot yet decrypt attacks after the July 13 date," Botezatu said. 

"We are pleased we are helping victims who have been impacted. Like other
