I am thrilled to announce that Bitdefender has released a remarkable decryption tool for the Revil/Sodinokibi ransomware. You can easily download it from the following link: https://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/.
Recently, I successfully utilized this tool to recover 100% of the data from a client’s encrypted hard drive, even though it had been 9 months since the initial attack. This attack was possible due to a successful compromise of the user’s password via Remote Desktop. To ensure the safety of your remote computer access, I highly recommend changing the default port (3389) to a more obscure one and strengthening your password.
The impact of the attack went beyond encrypting the client’s local hard drives; it also affected their backup drives. To detect any unusual behavior, I advised the client to power off the PC when not in use, but unfortunately, this precaution was not taken. Since then, we have implemented various data recovery techniques, including weekly swapping of backup drives enabled by Storagecraft’s ShadowProtect software. Fortunately, we had recently replaced the main drive, which had a growing number of bad sectors, allowing us to fully restore all data with a 100% success rate. By comparing the current and encrypted drives, we were able to analyze the differences and develop a comprehensive methodology for recovering deleted files, which could potentially be explored in a separate blog post.
When it comes to restoring and merging the client’s data with their existing setup, it’s important to note that relying on the date created and modified is not feasible, as these change during encryption and decryption. Therefore, a direct file and directory comparison between the two drives is necessary for an accurate restoration process.
Why is this Tool Essential for Data Recovery?
In June of this year, REvil targeted eight MSPs (Managed Service Providers) who relied on the indispensable Kayesa remote management tool to administer their outsourced IT services. Despite a vulnerability in Kaseya servers being on the brink of being patched, the REvil ransomware gang swiftly executed their attack in July, just moments before the patch was applied.
The assault coincided with America’s 4th of July weekend, as REvil partners exploited a vulnerability in the Kaseya VSA remote management service, utilized by approximately 35,000 customers. Leveraging their control over Kaseya’s servers, they cunningly distributed a compromised software update to the unsuspecting customers of Kayesa, predominantly small and medium-sized enterprises (SMEs).
The repercussions of this attack were nothing short of catastrophic, widely impacting companies across the globe. For instance, the renowned Swedish supermarket chain, Coop, was forced to close nearly half of its 800 stores due to the malfunctioning checkouts caused by the attack. Similarly, schools, kindergartens, and public administration offices in New Zealand and Romania suffered from its devastating consequences.
Gain insights into this cyber catastrophe through the map below, showcasing the infected computer systems as observed by the esteemed cyber-security firm, Kaspersky.
While the Revil groups website has disappeared from the dark web , the prevalence of remote attacks has increased with the Covid 19 pandemic and I am increasingly attempting to recover data from encrypted drives. This type of threat is not going to disappear and the adage prevention is better than the cure is definitely true. Data Recovery on encrypted drives can be painstaking.
Some of our Reviews
Rob Pennefather2023-12-22Lost coverage of my Samsung 3g phone when vodafone chopped the 3g network coverage . Data Recovery Perth with their amazing knowledge and tech skills reconnected my phone to the 4g network saving me from buying or upgrading a new phone ! Highly recommend Data Recovery Perth for all your computer phone and IT issues !!!Virginie Chetty2023-11-16Digby completely saved my business by recovering important files from my failed laptopIan Brodie2023-11-16Lost data on a failed hard drive. It seemed to be gone for good but after a weeks work Digby recovered it all. Excellent work. Recommended.Rose Reilly2023-07-29Great service from Digby . Very knowledgeable and helpful in fixing my IT issuesVaughan2023-07-14I've used Data Recovery Perth to recover some files that I was told by another business were irrecoverable. I not only had these files fully recovered but was very happy with the cost to perform this. Speedy recovery and excellent service, definitely recommend.plumboss2023-07-12Hi Digby, I would like to thank you for retrieving files from my hardrive. The files are very important to my work. I\'m taking your advise and investing in a new hardrive. Thank you John AbrahamsBill E2023-07-08Data Recovery Perth recovered some critical data from a failed laptop that I thought was totally lost, great job.Nathan Davis2023-06-23I had a old Raid 10 computer that failed and which had photos and videos on it that I didn't want to loose. I searched for data recovery services and all the places I found charged exorbitant prices. Came across Digby and found his price was very reasonable and he got all my data back! So I would say to anyone needing data recovery use Digby's services and not the other places as he gets the job done for a fair price.Milan Adrijasevic2023-06-15Recently I had a hard drive die on one of my work computers . Data Recovery Perth got all my data back and had me working in no time.Stuart2022-12-10I recently used Digby's data recovery service and was impressed by his intelligence and helpfulness. He was able to recover data from my network HDD that I thought was lost forever, and did so with a level of expertise and attention to detail that was truly impressive. I am so grateful for his help, and would highly recommend him to anyone in need of data recovery. Thank you, Digby!
REQUEST A QUOTE
Address
126 Whatley Crescent Maylands
call:(08) 6180 6959
126 Whatley Crescent
6 Days a week from 8:00am – 5:00pm