The Week in Ransomware – September 17th 2021 – REvil Decrypted
It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week.
This week’s biggest news is that soon after REvil returned from its two-month absence, Bitdefender released a master decryptor that allows victims encrypted by REvil before July 13th to recover their files for free.
While the decryptor still has a few bugs that need to be worked out, which lead to corrupted data in certain situations, our decryption tests show that it works against REvil samples as far back as May 2019.
The US government is expected to disrupt further ransomware attacks by sanctioning crypto exchanges, wallets, and traders that aid cybercriminals.
Finally, ransomware gangs are using phishing attacks with malicious Word documents that exploit the Windows MSHTML vulnerability tracked as CVE-2021-40444. When opened, the malicious documents install Cobalt Strike to give the attackers access to the victim's network.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @Seifreed, @DanielGallagher, @malwrhunterteam, @FourOctets, @malwareforme, @jorntvdw, @fwosar, @VK_Intel, @serghei, @PolarToffee, @BleepinComputer, @LawrenceAbrams, @struppigel, @Ionut_Ilascu, @RiskIQ, @sixdub, @Bitdefender, @zackwhittaker, @AdvIntel, @siri_urz, @martinmatishak, @pcrisk, @TheDFIRReport, and @PogoWasRight.