On Thursday 7th of July 2022, Emsisoft, a New Zealand-based cybersecurity firm, announced that it had released a free decryption tool for the AstraLocker and Yashma ransomware, which is available for download from Emsisoft’s servers. The decryption tool is based on AstraLocker’s Babuk-based decryptor and Yashma’s Chaos-based decryptor.
Emsisoft has warned victims of these ransomware variants to quarantine the malware before attempting to use the tool, to ensure that the ransomware doesn’t repeatedly encrypt their systems. The decryptor pre-populates the list of locations to decrypt with the currently connected drives and network drives. It also has a failsafe function to ensure that the encrypted files are not lost or corrupted when the tool is used to decrypt them.
Emsisoft also advised victims to change the passwords of all user accounts that have permission to log in remotely, and to check for any newly added local accounts that may have been created by the ransomware gangs.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.