Infosecurity Group Websites
Latest
News

Emsisoft Releases Free Decryptor For AstraLocker and Yashma Ransomware

Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom.

The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool.

“The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they released a total of 8 keys,” reads one of the tweets.

“The Yashma decryptor is for the Chaos-based one using .AstraLocker or a random .[a-z0-9]{4} extension, and they released a total of 3 keys.”

Emsisoft also warned AstraLocker and Yashma Ransomware victims to take precautions before using the decryptor.

“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” the company said in the instructions on how to use the tool.

Further, the company issued additional recommendations in case the victim’s systems were targeted via the windows remote desktop (WRD) feature.

“If your system was compromised through [WRD], we also recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added,” Emsisoft wrote.

The release of the decryption tool comes days after the threat actor behind AstraLocker told BleepingComputer they were shutting down the operation with the intention of pivoting to crypto mining.

“It was fun, and fun things always end sometime. I’m closing the operation, decryptors are in zip files, clean. I will come back,” AstraLocker’s developer told the tech publication. “I’m done with ransomware for now. I’m going in cryptojaking lol.”

For context, decryption tools are relatively rare in the ransomware world. However, they are sometimes created by particularly pro-active cybersecurity companies and, in extremely rare cases, offered by the attackers themselves.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

New PrintNightmare Patch Can Be Bypassed, Say Researchers

2
News

Cybercrime Costs Organizations Nearly $1.79 Million Per Minute

3
News

CTOs Keeping Quiet on Breaches to Avoid Cyber Blame Game

4
News

Over 170 Scam Cryptomining Apps Charge for Non-Existent Services

5
News

Most Insider Data Breaches Aren't Malicious

6
News

Kremlin Hackers Reportedly Breached Republican National Committee

1
News

Emsisoft Releases Free Decryptor For AstraLocker and Yashma Ransomware

2
News

Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack

3
News

Disneyland's Instagram and Facebook Accounts Hacked to Show Racist Content

4
News

Aon Hack Exposed Sensitive Information of 146,000 Customers

5
News

Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands

6
News

Chinese Cyber Espionage Groups Increasingly Targeting Russia

1
Webinar

Overcoming 'Shadow IT' Need and Risk

2
Webinar

How to Rethink End-User Protection and Eliminate Phishing and Ransomware

3
Webinar

Machine ID Management and Digital Transformation: Building a Secure Future

4
Webinar

New Strategies for Managing Machine Identities

5
Webinar

Third-Party Vulnerabilities: Demystifying the Unknown

6
Webinar

Defining the Zero Trust and SASE Relationship

1
Digital Edition

Infosecurity Magazine, Digital Edition, Q1, 2022, Volume 19, Issue 1

2
Webinar

Hackers Are Striking Gold with Your Employees' PII

3
Podcast

IntoSecurity Chats, Episode 8: Brian Honan, brought to you by HP

4
News Feature

As Nation-State and Cybercrime Threats Conflate, Should CISOs Be Worried?

5
Editorial

Editorial: Only the Good Die Young (Q1 2022 Issue)

6
Webinar

The Journey Beyond the Endpoint