Emsisoft's Universal Decryptor
After learning about Emsisoft's decryptor, BleepingComputer reached out to Emsisoft CTO Fabian Wosar to learn more about how HSE was using it.
While Wosar refused to share information about their work with HSE, he explained that they created their 'Universal Decryptor' after that ransomware operations do a horrible job when decrypting files.
For example, Ryuk ransomware's decryptor was known to have
problems decrypting large files, leading to data corruption. Similarly, a
bug in Babuk Locker's decryptor caused data loss when decrypting ESXi servers.
In addition to the bugs, Wosar told BleepingComputer that ransomware operations' decryptors are "atrociously slow", which makes them a lot less effective than restoring files from backups.
While Emsisoft's decryptor was designed for data safety, it is also much faster than ransomware gang's decryptors. Since the tool comes from a well-known and respected cybersecurity company, it also eliminates the need to check the threat actor's decryptor for malicious behavior.
"We usually cut days off. Because no reversing needed to make sure it's safe, no backups that need to be done first, easier deployment, better logs, and ultimately we end up being much, much faster," Wosar told BleepingComputer.
Wosar also stated that it is not unheard of for victims to be affected by multiple ransomware attacks simultaneously, which prompted Emsisoft to adapt their decryptor to be able to load in multiple decryption keys from different ransomware families and decrypt the files in one go.
"More than 50 ransomware families and major variants are supported by the decryptor," explained Wosar.
