New Update Free Ransomware Decryption Tools by Avast

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Decrypted: TaRRaK Ransomware
The TaRRaK ransomware appeared in June of 2021. This ransomware contains many coding errors, so we decided to publish a small blog about them. Samples of this ransomware were spotted in our user base, so we also created a decryptor for this ransomware.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Decrypted: MafiaWare666 Ransomware
Avast releases a MafiaWare666 ransomware decryption tool. MafiaWare666 is also known as JCrypt, RIP Lmao, BrutusptCrypt or Hades.

MafiaWare666 is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. It encrypts files using the AES encryption. We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Avast releases free BianLian ransomware decryptor
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers.

The availability of a decryptor comes only about half a year after increased activity from BianLian ransomware over the summer of 2022, when the threat group breached multiple high-profile organizations.

Avast's decryption tool can only help victims attacked by a know variant of the BianLian ransomware.

If the hackers are using a new version of the malware that researchers have yet to catch, the tool is of no help at the moment.

However, Avast says the BianLian decryptor is a work in progress, and the ability to unlock more strains will be added shortly.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Decrypted: Akira Ransomware
Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.

Note that this ransomware is not related to the Akira ransomware discovered by Karsten Hahn in 2017 and our decryptor cannot be used to decrypt files from this old variant.

The Akira ransomware comes as a 64-bit Windows binary written for Windows operating system. It is written in C++ with heavy support from C++ libraries. Additionally, Boost library was used to implement the asynchronous encryption code. The binary is linked by Microsoft Linker version 14.35.

In June 2023, a security researcher rivitna published a sample that is compiled for Linux. The Linux version is 64-bit and uses the Boost library.
How to use the Avast decryption tool to decrypt files encrypted by the ransomware:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top