Free REvil ransomware master decrypter released for past victims
Lawrence Abrams reports:
A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.
The REvil master decryptor was created by cybersecurity firm Bitdefender in collaboration with a trusted law enforcement partner.
While Bitdefender could not share details about how they obtained the master decryption key or the law enforcement agency involved, they told BleepingComputer that it works for all REvil victims encrypted before July 13th.
Read more on BleepingComputer.
This limited explanation does seem to support claims or speculation that law enforcement involvement was part of the reason for REvil’s sudden disappearance after the Kaseya attack. But it also doesn’t necessarily rule out an explanation offered by a new “REvil” on a Russian forum, who claims that there was simply a mistake in generating a decryptor key, and that the mistake produced a master decryptor that then got out. That explanation, noted previously on this site, was met with significant skepticism.