Nov 3, 2021
0 0

Free decryption tools for AtomSilo, Babuk, and LockFire ransomware released by Avast

Written by

Graham Cluley
Computer security news, advice, and opinion
Avast releases free decryption tools for AtomSilo, Babuk, and LockFire ransomware victims
There is some more good news for those who have fallen foul of ransomware.
Czech security firm Avast has developed decryption utilities for victims of not one, not two, but three different ransomware strains – meaning that victims who have been hit may be spared paying a ransom to their attackers.
The ransomware in question is Babuk, LockFire, and AtomSilo.

In a blog post, Avast’s researchers explained that their decryption tool tackled both AtomSilo and Lockfire ransomware strains.
Avast also credited malware analyst Jiří Vinopal for his vital role in making the decryption tool possible, after he spent his free time analysing and finding weaknesses in the AtomSilo and LockFile encryption algorithms.
Unfortunately, there are some limitations on what can be decrypted by the tool, as the Avast blog explains:
The Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. For that reason, some files may not be decrypted. This can include files with proprietary or unknown format, or with no format at all, such as text files.
Nonetheless, the tool is clearly a massive aid for victims of the ransomware who do not have access to clean backups or are unable/unwilling to pay extortionists.
In addition, Avast has also released a free decryption tool for the Babuk ransomware.
Avast was able to create its Babuk decryptor following an analysis of the ransomware’s source code which was leaked onto the internet in September.
According to reports at the time, the Babuk source code was released after one of its developers (a 17-year-old Russian) was “diagnosed with stage 4 lung cancer.”

Avast says that its Babuk decryption tool will work for past victims whose encrypted files had been given the .babuk or .babyk file extensions.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.
Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
Your email address will not be published. Required fields are marked *

{{#message}}{{{message}}}{{/message}}{{^message}}Your submission failed. The server responded with {{status_text}} (code {{status_code}}). Please contact the developer of this form processor to improve this message. Learn more{{/message}}
{{#message}}{{{message}}}{{/message}}{{^message}}It appears your submission was successful. Even though the server responded OK, it is possible the submission was not processed. Please contact the developer of this form processor to improve this message. Learn more{{/message}}
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Winner: Best Security Podcast 2018, 2019
Oct 28 2021
Ransomware attackers have got hurt feelings, what does Netflix know about you, and why are schoolkids stealing lavatory seats?
Special guest: Matt Davey.

Apple Podcasts | Google Podcasts | Spotify | RSS

Support the podcast:
Hire Graham Cluley to be a keynote speaker at your event or webinar
Send a tip or story idea | Hire Graham Cluley to speak at your event | Sponsorship | Contact | About
Complaints/Corrections | Privacy | Terms & Conditions
Copyright © 2001-2021 Cluley Associates Limited. All Rights Reserved.


Article Categories:
Cybersecurity News

Comments are closed.