Avast Releases AES_NI Ransomware Decrytor After Author Dumps Master Keys

[Bot]

Just as ransomware has rapidly turned into a full-on phenomenon, the war against this type of cyber attacks has grown too. In fact, Avast announced a brand new decryptor tool for the AES_NI ransomware, possible thanks to the public dump of the master private key a few days ago.

This particular ransomware family was first spotted in December 2016, with multiple variants having been detected in the wild since then. You can tell if you've been attacked by it if your encrypted files have one of these file extensions - example.docx.aes_ni, example.docx.aes256, or example.docx.aes_ni_0day.

As Avast's researchers explain, the ransomware generates an RSA session key for each machine it infects. This session key is then encrypted and saved to a file to the Program Data folder.


Read more: Avast Releases AES_NI Ransomware Decrytor After Author Dumps Master Keys

 

[oneeye]

Actually, there are a multitude of decryption tools out now by multiple vendors. So it should be easy to find one now. But, the malware is changing, improving as we read here, and so, later versions may not be easily undone.

 

[Winter Soldier]

But, the malware is changing, improving as we read here, and so, later versions may not be easily undone.

I agree with that, but when your files are encrypted and you don't have a backup, you have 3 options:

1) pay the ransom without the certainty of get back your files, because keep in mind that you're dealing with unscrupulous criminals and then by paying, you are helping the dirty business.

2) you can beat you head against the wall, cursing yourself why you've never made a backup.

3) you can try to recover your files using a decryptor tool for your specific ransomware version.
At this point you don't have anything else to lose.