Bitdefender releases REvil master decryptor

ID theft
(Image credit: Future)

Cybersecurity firm Bitdefender has made available a universal decryptor for the victims of the infamous REvil ransomware, which it has made in collaboration with an unidentified “trusted law enforcement partner.” 

The company says that all victims who’ve had their files encrypted by the REvil ransomware can use the decryptor to restore their files.  

The REvil gang mysteriously went offline a couple of months back in July 2021, but has recently surfaced again on underground hacking forums. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“On July 13 of this year, parts of REvil’s infrastructure went offline, leaving infected victims who had not paid the ransom unable to recover their encrypted data. This decryption tool will now offer those victims the ability to take back control of their data and assets,” notes Bitdefender.

Capitalizing on a mistake

REvil went offline after orchestrating the Kaseya attacks back in July, following which its properties on both the dark-web and normal web went offline. The disappearance led to speculation that the group could have been hit by law enforcement agencies.

The same was confirmed by Bitdefender as it put out the universal decryptor by pointing out that it can’t share more details about the tool and REvil’s operations since it’s part of an “ongoing investigation.” 

After being offline for about two months, an alleged representative of the gang started engaging with members on the Russian-language Exploit cybercrime forum last week, sharing details about the group’s apparent re-emergence.

Interestingly, the representative claimed that the law enforcement agencies were able to create the universal decryptor only because one of the REvil operatives accidentally generated the universal key, which was then sent along to a victim.

In any case, Bitdefender shared that it believes the gang is back, and urged businesses to be on high-alert and take necessary precautions. 

Of course, the gang would have made the necessary changes in their infrastructure to ensure that Bitdefender’s universal decryptor doesn’t work for any new victims, post the imminent resumption of its malicious activities.

TOPICS
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Representational image of a hacker
Best ransomware protection of 2025
A laptop with a red screen with a white skull on it with the message: &quot;RANSOMWARE. All your files are encrypted.&quot;
Less than half of ransomware incidents end in payment - but you should still be on your guard
A laptop with a red screen with a white skull on it with the message: &quot;RANSOMWARE. All your files are encrypted.&quot;
More reports claim 2024 was the worst year for ransomware attacks yet
Ransomware
8base ransomware site taken down in global police operation
A laptop with a red screen with a white skull on it with the message: &quot;RANSOMWARE. All your files are encrypted.&quot;
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Project Moohan prototype at Samsung Galaxy Unpacked, an XR goggles headset on display in a show area
Samsung's Android XR headset could avoid the Apple Vision Pro's biggest mistake, according to this leak
Rivian R1T
Big Rivian update delivers hands-off driving to rival Tesla Autopilot – and a new 'Rally' mode
The Samsung Galaxy S25 Edge, close up on the dual camera system, against a marbled background
The Samsung Galaxy S25 Edge is being tipped to come with a sweet Google Gemini deal
Matt Murdock and Kirsten McDuffie standing in a court room in Daredevil: Born Again
Daredevil: Born Again episode 3 contains another Marvel reference to Spider-Man, but it's got nothing to do with Tom Holland's Peter Parker
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers