The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
REvil/Sodinokibi victims can now recover data for free. Bitdefender cybersecurity experts released a universal decryptor with a trusted law enforcement partner. It allows users to get back data encrypted in attacks made before July 13, 2021.
REvil/Sodinokibi victims can now recover their data for free, thanks to Bitdefender cybersecurity experts who released a universal decryptor. Created in collaboration with a trusted law enforcement partner, the tool helps victims whose files were encrypted by REvil ransomware to restore them and recover from attacks made before July 13, 2021.
REvil is a Ransomware-as-a-Service (RaaS) operator likely based in a Commonwealth of Independent States (CIS) country. It emerged in 2019 as a successor to the GandCrab malware and is one of the most prolific ransomware operations on the dark web, as its affiliates have targeted thousands of technology companies, managed service providers and retailers around the world.
After successfully encrypting a business's data, REvil/Sodinokibi affiliates demand large ransoms of up to US $70 million in exchange for a decryption key and the assurance that they will not publish the internal data exfiltrated during the attack.