Free REvil ransomware master decrypter released for past victims

LASER_oneXM

A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.
The REvil master decryptor was created by cybersecurity firm Bitdefender in collaboration with a trusted law enforcement partner.


While Bitdefender could not share details about how they obtained the master decryption key or the law enforcement agency involved, they told BleepingComputer that it works for all REvil victims encrypted before July 13th.

"As per our blog post, we received the keys from a trusted law enforcement partner, and unfortunately, this is the only information we are at liberty to disclose right now," Bitdefender's Bogdan Botezatu, Director of Threat Research and Reporting, told BleepingComputer.


"Once the investigation progresses and will come to an end, further details will be offered upon approval."
REvil ransomware victims can download the master decryptor from Bitdefender (instructions) and decrypt entire computers at once or specify specific folders to decrypt.
 

Gandalf_The_Grey

Bitdefender here, talking to Fabian atm in DMs. Thanks again for the heads-up! Users, please make sure you tick the "Backup files" option (currently unchecked by default). We're looking into this right now.
1/2 UPDATE: We temporarily disabled decryption for the corner-case raised by Fabian and a fix will be made available soon. All other REvil decryption types are fully functional and no files will be damaged but we strongly advise to check the "backup files" option nonetheless.
2/2 If you need help with decryption or get stuck, shoot us an email at forensics@bitdefender.com and we will try to help.
 