REvil ransomware has affected many users around the world, especially when it struck Kaseya in recent months. The gang behind REvil typically makes the victim pay the ransom before it decrypts the system.
Now, Bitdefender has released a free decryption tool for victims who were previously hit by the REvil malware.
Free Decryption Tool For REvil Ransomware
Users who were affected by the previous REvil ransomware attacks can use a free decryption tool made by Bitdefender.
Dealing with malware like REvil can be difficult for users who have little to no knowledge of it.
The REvil ransomware gang is notorious for forcing its victims to pay in exchange for a master decryptor tool for their computers.
Cybersecurity firm Bitdefender confirmed that it has released the latest decryption software for REvil.
The good news is the victims can get it for free.
Bitdefender made it possible with the help of an unnamed law enforcement agency. When the Romania-headquartered firm was asked for the specific name of its collaborator, it declined to comment.
The company has been tight-lipped about how it arrived at a free master decryption key for all REvil victims. It said only that there was an ongoing investigation into the malware.
The REvil decryption software can be used by people who were hit by the malware, but there's a catch: only those whose computers were encrypted by the malware before July 13 should be able to use it.
Bitdefender Warns Users About Returning REvil Attacks
According to a report by SlashGear on Friday, Sept. 17, Bitdefender shared that the Ransomware-as-a-Service (RaaS) operator of REvil could possibly come from a CIS nation.
Furthermore, the malware first appeared in 2019, when it became a proxy for the GandCrab ransomware, which is now defunct.
However, attacks linked to this malware are reportedly happening once again.
Most importantly, REvil ransomware dwells in the depths of the dark web to infect many tech companies.
You can download the free decryption software…
The chief information officer for ExpressVPN once helped the United Arab Emirates orchestrate a massive cyberspying campaign on computers across the globe.
According to the Justice Department, ExpressVPN CIO Daniel Gericke and two others worked as hackers for hire for the UAE to develop “zero-click” attacks capable of breaking into internet accounts and devices, including those in the US.
All three formerly worked for the US intelligence community. However, by offering their hacking expertise to a foreign country from 2016 to 2019, the trio broke US export controls, which required them to obtain a license from the State Department to provide such services. Reuters originally reported on the hire-for-hacking scheme with the UAE, and said the spying ensnared iPhones and internet accounts belonging to activists, political rivals, and even Americans.
The cyberspying naturally raises questions about the security around ExpressVPN. However, the VPN service is sticking with Gericke, who ceased his work with the UAE once he joined ExpressVPN in December 2019.
“We’ve known the key facts relating to Daniel’s employment history since before we hired him, as he disclosed them proactively and transparently with us from the start,” ExpressVPN wrote in a blog post on Wednesday. “In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security.”
Although Gericke broke US laws with the hacking, the Justice Department is refraining from charging him with a crime. Instead, he has entered into an agreement that forbids him from ever again conducting “computer network exploitation” operations on behalf of an employer. He also agreed to pay a $335,000 fine.
ExpressVPN adds that it constantly vets its VPN service for security. “Of course, we do not rely on trust in our employees alone to protect our users,” it wrote in Wednesday’s blog post. “We have robust systems and security controls in place in all our systems or products. We also engage and provide significant access to many independent third parties to conduct audits, security assessments, and penetration tests on our systems and…
Australians are being urged to avoid certain Microsoft Office documents that have been loaded with malware that could allow hackers to take over personal devices.
Any device that operates on Microsoft Windows is currently vulnerable to this attack.
Microsoft said it was currently investigating this “remote code execution vulnerability” that potentially allows malicious actors to remotely control computers.
“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,” Microsoft said.
“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.”
It appears the main danger is opening the actual document, which would leave the victim exposed to having their device remotely controlled.
“The attacker would then have to convince the user to open the malicious document.”
Users who have administrative user rights are more impacted by this attack than users whose accounts are configured to have fewer rights.
To get into the technicalities, the specific name for this vulnerability is .
How do I protect myself?
According to an (ASCS), titled “ACT QUICKLY: HIGH ALERT”, Microsoft actually doesn’t have a patch yet that protects you from this.
But there are temporary mitigating measures and workarounds that can help protect you in the meantime.
This includes making sure you open documents in Protected View or Application Guard for Office, both of which Microsoft said would prevent the attack.
Meanwhile, if you use Internet Explorer, you should “disabl[e] the installation of all ActiveX controls”.
Microsoft has further instructions on how to do that.
Microsoft also said that its Defender Antivirus and Defender for Endpoint should protect against this vulnerability.
In the meantime, keep an eye out for any suspicious documents and for security updates from Microsoft.
“Customers should keep anti-malware products up to date. Customers who utilise automatic updates do not need to take additional action,”…