CyberSecurityBoard
Sponsor Register Login

Online ransomware decryptor helps recover partially encrypted files

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.
The company announced today that although the tool was already freely available through GitHub as a Python project, they felt an online version was needed for the less tech-savvy ransomware victims who don't know how to work with the code.
Currently, the tool supports PDFs, Word and Excel document files, ZIPs, and PowerPoint.
The online version has a file size limit of 10MB, so if you're looking to decrypt larger files or virtual machines, the GitHub version is the only way to go.
Intermittent encryption is a method used by many ransomware operations to speed up the encryption of devices by only partially encrypting the victim's files.
Current ransomware strains employing intermittent encryption include Blackcat/ALPHV, Play, Qilin/Agenda, BianLian, and DarkBit.
White Phoenix can only help victims hit by those strains.
Using intermittent encryption, threat actors can speed up their attacks while still leaving victims without a way to restore their data without paying.
Intermittent encryption comes with a weakness, as it leaves significant chunks of unencrypted data in a file.
If these chunks of unencrypted data contain useful information, especially at the start and end of the file, the chances for successfully rebuilding and restoring the file without paying for a decryptor is increased.
White Phoenix attempts to recover text in documents by concatenating unencrypted parts and by reversing hex encoding and CMAP scrambling.
White Phoenix is basically a tool that automates manual restoration used by data restoration experts, so depending on the file type and ransomware, the decryptor may not work particularly well.
CyberArk previously told BleepingComputer that certain strings need to be readable in the files depending on their type for the decryptor to work correctly.
Even if White Phoenix cannot help restore entire systems, it could still help restore valuable files or at least retrieve some data from them.
There are currently no working decryptors for the mentioned ransomware families, so restoration options are severely limited, making White Phoenix worth a try.
Note that if you're working with sensitive information, it would be recommended to download White Phoenix from GitHub and use it locally rather than uploading sensitive documents to CyberArk's servers.
Decryptor for Babuk ransomware variant released after hacker arrested.
New Black Basta decryptor exploits ransomware flaw to recover files.
Energy giant Schneider Electric hit by Cactus ransomware attack.
Ransomware payments drop to record low as victims refuse to pay.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 30 Jan 2024 22:05:23 +0000


Cyber News related to Online ransomware decryptor helps recover partially encrypted files

New decryptor for Babuk Tortilla ransomware variant released - Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at ...
5 months ago Blog.talosintelligence.com
Online ransomware decryptor helps recover partially encrypted files - CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. The company announced today that although the tool was already freely available through GitHub as a ...
5 months ago Bleepingcomputer.com
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
6 months ago Bleepingcomputer.com
Babuk ransomware decryptor updated with Tortilla support The Register - Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of ...
5 months ago Go.theregister.com
New Decryption Key Available for Babuk Tortilla Ransomware Victims - A new decryptor key has been created for victims of the Babuk Tortilla ransomware variant, Cisco Talos has confirmed. These keys will be added to a generic Babuk decryptor previously created by Avast Threat Labs. This will enable users to download ...
5 months ago Infosecurity-magazine.com
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
6 months ago Darkreading.com
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
6 months ago Heimdalsecurity.com
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
5 months ago Bleepingcomputer.com
Free BianLian Ransomware Decryptor: A Complete Guide - With the recent emergence of ransomware attacks targeting organizations around the world, it has become increasingly important to have the latest security solutions in place in order to combat such threats. One of the most notable ransomware threats ...
1 year ago Securityaffairs.com
Teaching Digital Literacy and Online Safety - It is crucial for educators to prioritize teaching online safety to ensure that students are equipped with the necessary skills to protect themselves online. This article aims to explore the importance of teaching digital literacy and online safety, ...
6 months ago Securityzap.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
5 months ago Bleepingcomputer.com
Flaw in Black Basta Ransomware Exploited to Create Decryptor - Researchers at cybersecurity firm Security Research Labs exploited a flaw found in the algorithm of a ransomware variant used by the high-profile threat group Black Basta to develop a decryptor that can help some victims recover their encrypted ...
6 months ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
6 months ago Feeds.fortinet.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
5 months ago Securityboulevard.com
Decryptor for Babuk ransomware variant released after hacker arrested - Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant ...
5 months ago Bleepingcomputer.com
Babuk Ransomware Decryptor Updated to Recover Files Infected - Hackers use ransomware to encrypt victims' files and render them inaccessible until a ransom is paid. This forces the victims to pay a ransom to regain access to compromised systems and data. This tactic leads to financial gains for the threat ...
5 months ago Cybersecuritynews.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
5 months ago Unit42.paloaltonetworks.com
Free Decryptor Released for Black Basta Ransomware - A vulnerability in the encryption algorithm used by the Black Basta ransomware has led researchers to develop a free decryptor tool. Active since April 2022, the Black Basta ransomware group employs a double extortion strategy, encrypting the vital ...
6 months ago Gbhackers.com
Role of Parents in Teaching Online Safety - In today's digital landscape, where children are increasingly exposed to the vast world of the internet, the role of parents in teaching online safety has become paramount. Parents should have regular conversations with their kids about the ...
6 months ago Securityzap.com
Cybersecurity for Homeschooling Parents: A Guide - With the increased reliance on technology and online tools, homeschooling parents must also address the pressing issue of cybersecurity. Whether it's securing tech tools, teaching safe online practices, or accessing valuable resources, this guide ...
6 months ago Securityzap.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
3 months ago Bleepingcomputer.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
6 months ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com
An Age-by-Age Guide to Online Safety for Kids - Although the access to information, entertainment, and connection it offers is vital to modern life, safeguarding kids' online safety is crucial for their wellbeing, development, and future success in an increasingly digital world. In the following ...
5 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)