Scribd
Upload
64 views3 pages

Revil Ransomware Decryption Tool: Steps For Decryption: Step 1: Download The Decryption Tool From

This document provides instructions for decrypting files encrypted by REvil ransomware using a decryption tool from Bitdefender. It outlines downloading the tool, running it with options to scan the entire system or specific paths for encrypted files, backup files, and overwrite existing clean files with decrypted versions. The tool can also be run silently from the command line with start and path arguments and options.

Uploaded by

Dolores Antonio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
64 views3 pages

Revil Ransomware Decryption Tool: Steps For Decryption: Step 1: Download The Decryption Tool From

This document provides instructions for decrypting files encrypted by REvil ransomware using a decryption tool from Bitdefender. It outlines downloading the tool, running it with options to scan the entire system or specific paths for encrypted files, backup files, and overwrite existing clean files with decrypted versions. The tool can also be run silently from the command line with start and path arguments and options.

Uploaded by

Dolores Antonio
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

REvil RANSOMWARE DECRYPTION TOOL

Steps for decryption:

Step 1: Download the decryption tool from


download.bitdefender.com/am/malware_removal/BDREvilDecryptor.exe
and save it somewhere on your computer

Step 2: Double-click the file and allow it to run by clicking Yes in the UAC prompt.

Step 3: Select “I Agree” for the End User License Agreement

NOTE: Some versions are not yet decryptable


Step 4: Select “Scan Entire System” if you want to search for all encrypted files or just add
the path to your encrypted files.

We strongly recommend that you also select “Backup files” before starting the decryption
process. Then press “Scan”.
Users may also check the “Overwrite existing clean files” option under “Advanced
options” so the tool will overwrite possible present clean files with their decrypted equivalent.

At the end of this step, your files should have been decrypted.

If you encounter any issues, please contact us at [email protected].


If you checked the backup option, you will see both the encrypted and decrypted files.
You can also find a log describing decryption process, in %temp%\BDRemovalTool folder:

To get rid of your left encrypted files, just search for files matching the extension and
remove them bulk. We do not encurage you to do this, unless you doubled check your files
can be opened safely and there is no trace of damage.

Silent execution (via cmdline)


The tool also provides the possibility of running silently, via a command line. If you need to
automate the deployment of the tool inside a large network, you might want to use this feature.
 -help - will provide information on how to run the tool silently (this information will
be written in the log file, not on console)
 start - this argument allows the tool to run silently (no GUI)
 -path - this argument specifies the path to scan
 o0:1 - will enable Scan entire system option (ignoring -path argument)
 o1:1 - will enable Backup files option
 o2:1 - will enable Overwrite existing files option

Examples:

BDREvilDecryptor.exe start -path:C:\ -> the tool will start with no GUI and scan C:\
BDREvilDecryptor.exe start o0:1 -> the tool will start with no GUI and scan entire system
BDREvilDecryptor.exe start o0:1 o1:1 o2:1 -> the tool will scan the entire system, backup
the encrypted files and overwrite present clean files

Acknowledgement:
This product includes software developed by the OpenSSL Project, for use in the
OpenSSL Toolkit (http://www.openssl.org/)

You might also like