Your IT Support Experts
We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.
Free Consultation
Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today
Is your business currently infected with REvil or Sodinokibi ransomware?
USA Computer Services has the experience and skills required to restore your data and we can get started right now!
If you are currently infected with REvil / Sodinokibi, you may see some of the following images on your computers and/or servers:
What is REvil / Sodinokibi?
REvil / Sodinokibi is an extremely troubling ransomware attack. Not only is REvil / Sodinokibi extremely fast, it uses advanced encryption ciphers that are impossible to decrypt without both encryption keys. REvil / Sodinokibi also copies all of the data to their servers, which means they can decrypt the data, and publish it on the internet and/or dark web. They use this capability to not only hold your data ransom, they use it as a threat. On several occasions they have published confidential company data to try and force companies to pay the ransom amount with the promise they will provide the decryption keys and delete the data on their servers. This is one of the worst variants of ransomware to ever hit the internet, and the frequency of these REvil / Sodinokibi attacks are showing no signs of slowing down in 2020.
Once unique function of REvil / Sodinokibi is that if victims do not pay the ransom the hackers threaten to auction the data they have copied to the highest bidder. This has been found on several occasions so the threat is real.
While REvil / Sodinokibi didn't create the encrypt/ransom/extortion type of ransomware, they certainly have increased the threat level substantially. If you have been infected with REvil / Sodinokibi, you are not alone.
USA Computer Services has the staff to restore your data, servers, workstations, and your network to get your business back up and running quickly and efficiently.
Call us immediately to get started recovering from REvil / Sodinokibi today!
704-665-1619
When was REvil / Sodinokibi first identified?
REvil / Sodinokibi was first identified in April 2019, and is one of the most prevalent ransomware strains currently in use today.
How is REvil / Sodinokibi spread?
REvil / Sodinokibi is spread through fake/fraudulent websites, email and spam, socially engineered attacks, and exploiting RDP (Remote Desktop Protocols).
Did the hackers steal my data before encrypting it?
Yes, this is what makes REvil / Sodinokibi particularly so dangerous. They have the decryptor, decryption keys, and a copy of all the data they have encrypted. They use this to further strengthen their threats. Their demands for ransom are typically in the $5,000-$10,000 range but even after paying the ransom, you have no way of knowing if they kept a copy of your data.
How long will recovery take?
This is always a tough question to answer. Since decryption without paying for the decryptor is not possible, it will depend greatly on the size of your network, the amount of data to be restored, the number of infected systems, and how your data is backed up. REvil / Sodinokibi infections are generally extremely large and therefore, the time to restore may be extensive. USA Computer Services has the staff available to restore your systems as quickly as possible, so call us today so we can get started evaluating your specific circumstances.
Can my data be recovered using a decryptor or is my data gone forever?
No, unfortunately, there is no publicly available decryptor for REvil / Sodinokibi. Your data will need to be restored from backups.
These are the general steps cyber criminals take in a typical ransomware attack
1) Infection
After the ransomware has been delivered to the system via email attachment, phishing email, infected application or other method, the ransomware then installs itself on that endpoint and any/all network devices it can access from that system. This can include mapped network drives, backup storage, servers, databases, and other workstations.
2) Encryption Key Exchange
The ransomware program then contacts the control server operated by the cybercriminals behind the attack, to generate the cryptographic keys to be used on the local system. This is how they are able to decrypt your data once the ransom has been paid. Some ransomware variants use a simple encryption algorithm while others use the same level of encryption the Military and financial institutions use.
3) Encryption of Data
The ransomware starts encrypting any files it can find on local machines and the network. It does this as "quietly" and as quickly as possible. What they are trying to do is get all of your data encrypted before you stop the process.
4) Extortion
With the encryption work done, the ransomware will now display the ransom and instructions for extortion and ransom payment, threatening destruction of data if payment is not made. There is usually a time limit, which if it expires, the decryption key may be deleted, or the price of the ransom may go up.
5) Unlocking or Recovery
Organizations can either pay the ransom and hope for the cybercriminals to actually decrypt the affected files (which in some cases does not happen), or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups. USA Computer Services never recommends paying the ransom. We have the experience in dealing with various ransomware attacks and there are almost always other alternatives if proper backup and disaster recovery steps were taken prior to the attack.
How to recover from a ransomware attack
1) Isolate
Prevent the infection from spreading by separating the infected computers from each other, shared storage, servers, and the rest of the network.
2) Identify
Identify the ransomware variant from the messages, cyber evidence on the computer, and various cybersecurity tools to determine which ransomware strain you are dealing with. You must quickly identify how the attack occurred and patch/close that security flaw. We may need to patch/update all systems, rebuild firewall configs, change all passwords, etc.
3) Report
Report to the authorities and coordinate measures to counter attack if the FBI or other governing authority requires assistance. You may also be required to notify your clients or customers that you have been a victim of a cybersecurity attack.
4) Create a list of recovery options
There are always a number of ways to deal with the infection and the recovery from the attack. We are here to help you make the best and quickest recovery decisions.
5) Restore
Using the most recent clean backups and program/software sources to restore your network/systems. Due to the disruption, you may need to consider new equipment and the latest software. We would have already identified this in step 4.
6) Prevention
Report on how the infection occurred and what you can do to put measures into place that will prevent it from happening again in the future.
Ransomware is a serious threat to your business.
USA COMPUTER SERVICES is a serious threat to RANSOMWARE!
Contact us now to begin your recovery process from REvil / Sodinokibi today.
704-665-1619
Our USA Computer Services team members are skilled professionals who take great pride in their work. Our team will arrive on time, keep you informed, deliver what we promise and guarantee our work. We’ll also get to know what’s important to you so that we can customize the way we work with your daily routine.
President / Owner
Senior Technician
Network Security Specialist
Field Services Technician
Help Desk Technician
Help Desk Technician
Office Manager / Marketing
USA Computer Services recovered our business from a ransomware attack and was able to save all of our data that was missing. Our old IT company never explained Ransomware to us but we are blessed you were able to save us.
Thomas. M - Plumbing Supply Warehouse
USA Computer Services provides the highest quality onsite and remote IT support. All of our products and support comes with an unconditional satisfaction guarantee. We specialize in Small and Medium sized businesses with all your IT needs. These are just some of the areas we can assist you. Call or contact us today to see how we can resolve your IT problems!
We have been extremely happy with USA Computer Services for over 7 years. I highly recommend them for your computer needs.
- Charlene G. - Legal Firm
USA Computer Services will stop at absolutely nothing to ensure our clients are protected against even the latest Cybersecurity threats.
Here are some statistics on the increasing threat of Cyber Crimes in 2023.
Our computer problems have completely disappeared since partnering with USA Computer Services. They have the friendliest Tech's and they are always on-time for our appointments.
- Christina. W - Town Administrator
Ready to see how "We do IT Better"?
We take cybersecurity very seriously and can help your business recover from a Revil Locker ransomware attack. Once we have recovered your business, our proven solutions can prevent your company from being held hostage by hackers in another ransomware or cybersecurity attack. We are so confident that we can prevent a cybersecurity attack at your business that we back it up with a $1,000,000 protection plan. Contact us today to get your business running again!
Contact Us
Headquarters:
525 North Tryon St. #1600
Charlotte, NC 28202