Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.
The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files, however, BleepingComputer has learned that the Black Basta developers fixed the bug in their encryption routine about a week ago, preventing this decryption technique from being used in newer attacks.
The 'Black Basta Buster' decryptor comes from Security Research Labs (SRLabs), which found a weakness in the encryption algorithm used by the ransomware gang's encryptors that allows for the discovery of the ChaCha keystream used to XOR encrypt a file.
"Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," explains the writeup on the method in
SRLabs' GitHub repository.
