On Wednesday 5th of October 2022, Avast announced that they had released a free decryption tool for variants of the MafiaWare666 ransomware known as ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ allowing victims to recover their files for free.
Avast stated they discovered a flaw in the encryption scheme of the MafiaWare666 strain, that allowed some of the variants to be unlocked. However, this may not apply to newer or unknown samples that use a different encryption system.
The Avast decryptor only supports files encrypted by specific variants of the MafiaWare666 ransomware family. These variants include the following extensions and strings appended/prepended to an encrypted file’s name: