Emsisoft Released a Free Tool to Decrypt Data Corrupted by AstraLocker and Yashma

Vladimir Krasnogolovy
Vladimir Krasnogolovy
2 Min Read
AstraLocker and Yashma decryption tool

Emsisoft has released a free decryption tool for files affected by AstraLocker and Yashma ransomware attacks.

Let me remind you that last week AstraLocker operators announced that the malware was ending its work and uploaded tools to VirusTotal to decrypt files affected by AstraLocker and Yashma attacks. The hackers said that they do not plan to return to ransomware in the future, but intend to switch to cryptojacking.

It was fun, but fun always ends. I close the whole operation, decryptors in ZIP files, clean. I’ll be back. I’m done with ransomware for now and I’m going to get into cryptojacking lol.hackers sadly reported.

Let me remind you that we also said that Free decryptor for BlackByte ransomware was published, and also that Cybersecurity specialists released a free decryptor for Lorenz ransomware.

While the malware developer did not disclose why AstraLocker suddenly stopped working, media outlets have speculated that this may be due to recently published reports from cybersecurity experts who have studied this malware. This could bring AstraLocker to the attention of law enforcement.

Using the published data, Emsisoft experts have created a free tool to rescue affected information, which is already available for download from the company’s servers. Also, experts have prepared instructions for using their decryptor.

The AstraLocker decryptor is for the Babuk-based threat and files with the extension .Astra or .babyk, (8 keys were released in total). The Yashma decryptor targets a Chaos-based threat using .AstraLocker extensions or random extensions in the .[a-z0-9]{4} format (3 keys released in total).the experts write.

AstraLocker and Yashma decryption tool

Emsisoft also recommends that victims of AstraLocker and Yashma whose systems have been compromised via Windows Remote Desktop change passwords for all accounts with remote access permissions, as well as look for other local accounts that may have been added by hackers.

You Might Also Like

Eriakos Scam in Facebook Ads Targets Personal and Banking Data

Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites

Confluence RCE Vulnerability Under Massive Exploitation

Scientists have introduced a new algorithm for protection against deepfakes

Google experts published PoC exploit for Specter that is targeting browsers

TAGGED:
Share This Article
By Vladimir Krasnogolovy
Follow:
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Previous Article False Positive Gridinsoft How to Report a False Positive Detection?
Next Article U2K Ransomware Strikes, Thousands Of Victims U2K Ransomware Strikes, Thousands Of Victims
Leave a comment

Stay Connected

Latest News

FakeBat Malware Exploits Google Search Ads, Again
FakeBat Loader is Back With New Tactics and Payload
Security News
Ivanti EPM RCE vulnerability fixed, patch now
RCE Vulnerability in Ivanti Endpoint Manager Uncovered, Patch Now
Security News
Hacker Uploads Data Leaked in MOVEit Breaches
Hacker Leaks Corporate Data Stolen in 2023 MOVEit Breaches
Security News
BBVA Bank Hacked, Data Posted on the Darknet Forum
Hacker Leaks BBVA Bank Data, Including User Details
Security News