Skip to content

What’s Next Step for REvil Ransomware Victims?

Posted by: GuidePoint Security

< 1 min read

July 16, 2021 – Article posted on Govinfosecurity

Some ransomware gangs that have shut down operations have offered decryption keys to their victims. But when the REvil, aka Sodinokibi, ransomware gang disappeared from online on Tuesday, no such offer was made. In fact, it’s not clear whether REvil shut down on its own or was forced down by government action.

For companies whose systems are infected by REvil ransomware, containing the malware is the first step, says Mark Lance, senior director of cyber defense at the incident response and cybersecurity firm GuidePoint Security.

“You have to get it to a state where you can start getting your systems back up operationally – whether that’s recovering from backups, restoring from an older version or snapshot of the system or rebuilding a system. You have to make sure that it’s being done in a manner that’s segmented and that has an EDR solution on it,” Lance says.

Victimized organizations that lack adequate data backups are in a precarious situation. Experts recommend that victims without backups should still save their encrypted data just in case a decryption key is eventually released.

Read More HERE.

Categories: Cybersecurity News

GuidePoint Security

GPS + ZIdentity
Leverage GuidePoint Security as your trusted partner to ensure a smooth transition to Zscaler ZIdentity.
Download

Related Articles

View All

  • Blog
Navigating Incident Response Documentation
Posted by: Robert Bell
Read More 3 min read
  • GRIT® Blog
Interlock Intrusion: How Interlock Achieves Encryption
Posted by: Jean-Pierre Mouton
Read More 9 min read
  • Blog
The Power of Women in Cybersecurity: Mentorship, Community, and Rising Together
Posted by: Brittany Huffman
Read More 3 min read