
What’s Next Step for REvil Ransomware Victims?

July 16, 2021 – Article posted on GovInfoSecurity

Some ransomware gangs that have shut down operations have offered decryption keys to their victims. But when the REvil, aka Sodinokibi, ransomware gang went offline on Tuesday, no such offer was made. In fact, it’s not clear whether REvil shut down on its own or was forced down by government action.

For companies whose systems are infected by REvil ransomware, containing the malware is the first step, says Mark Lance, senior director of cyber defense at the incident response and cybersecurity firm GuidePoint Security.

“You have to get it to a state where you can start getting your systems back up operationally – whether that’s recovering from backups, restoring from an older version or snapshot of the system or rebuilding a system. You have to make sure that it’s being done in a manner that’s segmented and that has an EDR solution on it,” Lance says.

Victimized organizations that lack adequate data backups are in a precarious situation. Experts recommend that victims without backups still save their encrypted data in case a decryption key is eventually released.
