Free decryptor released for Atom Silo and LockFile ransomware


Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free without having to pay a ransom.
Avast released another decryption tool earlier today to help Babuk ransomware victims recover their files for free.
As the Czech cybersecurity software firm explained, this decryptor may not be able to decrypt files with an unknown or proprietary format, or with no format at all.
“During the decryption process, the Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. For that reason, some files may not be decrypted,” Avast’s Threat Intelligence Team said.
The decryptor works for both ransomware strains because they are very similar, even though the groups deploying them on victims’ networks use different attack tactics.
Avast Threat Labs said this ransomware decryptor was created in collaboration with RE-CERT malware analyst Jiří Vinopal, who found a weakness in the AtomSilo ransomware earlier this month.
AtomSilo and LockFile victims can download the decryption tool from Avast’s servers and decrypt entire disk partitions using the instructions displayed within the decryptor’s UI.
BleepingComputer tested the tool and recovered files encrypted with an Atom Silo sample using Avast’s free decryptor.

Avast Atom Silo decryptor (BleepingComputer)
The LockFile ransomware operation was first seen in July 2021 after the gang was spotted taking over Windows domains and encrypting devices after exploiting servers unpatched against the ProxyShell and PetitPotam vulnerabilities.
When encrypting files, LockFile ransomware will append the .lockfile extension to the encrypted files’ names and drop ransom notes named using the ‘[victim_name]-LOCKFILE-README.hta’ format.
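A triage sketch for the naming convention described above, added here as an example and not taken from Avast or BleepingComputer: it walks a directory tree and groups files carrying the .lockfile extension and ransom notes matching the ‘[victim_name]-LOCKFILE-README.hta’ pattern. The function names, the sample tree and the victim name EXAMPLECORP are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article text; matched case-insensitively (Windows file names).
ENCRYPTED_EXT = ".lockfile"
NOTE_RE = re.compile(r"^(?P<victim>.+)-LOCKFILE-README\.hta$", re.IGNORECASE)


def scan_tree(root):
    """Group artifacts by directory: encrypted (name, original) and notes (name, victim)."""
    findings = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            note = NOTE_RE.match(name)
            if note:
                findings[dirpath]["notes"].append((name, note.group("victim")))
            elif name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # name before the appended extension
                findings[dirpath]["encrypted"].append((name, original))
    return dict(findings)


def summarize(findings):
    """Return (encrypted_count, note_count, sorted victim names seen in notes)."""
    enc = sum(len(f["encrypted"]) for f in findings.values())
    notes = sum(len(f["notes"]) for f in findings.values())
    victims = sorted({v for f in findings.values() for _n, v in f["notes"]})
    return enc, notes, victims


def build_sample_tree(root):
    """Create a constructed sample tree of empty placeholder files."""
    layout = {
        "finance": ["q3.xlsx.lockfile", "budget.docx.LOCKFILE", "EXAMPLECORP-LOCKFILE-README.hta"],
        "public": ["readme.txt", "lockfile-notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

Directories that contain a ransom note but no encrypted files, or the reverse, are worth a closer look when scoping which shares the decryptor needs to be run against.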
Of particular interest is that LockFile’s color scheme and ransom note layout are similar to the LockBit ransomware. However, there does not appear to be any relation between the two groups.
Atom Silo is a newly spotted ransomware gang whose operators have recently targeted Confluence Server and Data Center servers vulnerable to a now-patched and actively exploited bug.
The ransomware used by Atom Silo is almost identical to LockFile, according to SophosLabs researchers.
However, Atom Silo operators use novel techniques that make it extremely difficult to investigate their attacks, including side-loading malicious dynamic-link libraries that disrupt endpoint protection solutions.
