[German]There may be good news for victims of AtomSilo, Babuk and LockFile ransomware. Antivirus vendor Avast has managed to decrypt files encrypted by these malware. In response, the company has released a free decryptor (decryption utility) that victims can use to attempt to decrypt the encrypted document.
Advertising
I came across the issue via the following tweet. Jiří Vinopal managed to crack AtomSilo's encryption, after which he forwarded the information to Avast.
Avast documented the details in this article on the company blog. The blog post also describes the Decryptor for AtomSilo. Catalin Cimpanu has given further hints in this article. Babuk source code for Windows, ESXI and NAS was also published by one of the developers of the Babuk ransomware group, as you can read in this tweet.
Avast writes on Twitter that the source code contains decryption keys for previous victims. Therefore, the decrypter only works for previous Babuk victims whose files were encrypted with either the .babuk or .babyk file extension. The decryptors for AtomSilo and LockFile are offered as a single download due to the similarities between the two ransomware strains. This AVAST page lists the available decryptors. The colleagues at Bleeping Computer have also addressed the issue in this article.
Advertising