Emsisoft Released a Free Tool to Decrypt Data Corrupted by AstraLocker and Yashma

AstraLocker and Yashma decryption tool

Emsisoft has released a free decryption tool for files affected by AstraLocker and Yashma ransomware attacks.

Last week, the AstraLocker operators announced that they were shutting the malware down and uploaded tools to VirusTotal for decrypting files affected by AstraLocker and Yashma attacks. The hackers said that they do not plan to return to ransomware in the future, but intend to switch to cryptojacking.

"It was fun, but fun always ends. I close the whole operation, decryptors in ZIP files, clean. I’ll be back. I’m done with ransomware for now and I’m going to get into cryptojacking lol," the hackers sadly reported.

Let me remind you that we also reported that a free decryptor for BlackByte ransomware was published, and that cybersecurity specialists released a free decryptor for Lorenz ransomware.

While the malware developer did not disclose why AstraLocker suddenly stopped working, media outlets have speculated that this may be due to recently published reports from cybersecurity experts who have studied this malware. This could bring AstraLocker to the attention of law enforcement.

Using the published data, Emsisoft experts have created a free tool to rescue affected information, which is already available for download from the company’s servers. Also, experts have prepared instructions for using their decryptor.

"The AstraLocker decryptor is for the Babuk-based threat and files with the extension .Astra or .babyk (8 keys were released in total). The Yashma decryptor targets a Chaos-based threat using .AstraLocker extensions or random extensions in the .[a-z0-9]{4} format (3 keys released in total)," the experts write.
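As an added example (not Emsisoft's tool and not code from the original article), the following Python code sorts file paths by the extension rules quoted above to indicate which of the two decryptors would apply. The function names, the list of benign four-character extensions, the case-insensitive match on the fixed extensions and the sample paths are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extension rules taken from the Emsisoft statement quoted above.
ASTRALOCKER_EXTS = {".astra", ".babyk"}            # Babuk-based AstraLocker
YASHMA_FIXED_EXT = ".astralocker"                  # Chaos-based Yashma
YASHMA_RANDOM_RE = re.compile(r"\.[a-z0-9]{4}")    # Yashma random extension

# Assumption (not from the article): ordinary extensions that also fit the
# random pattern and would otherwise be false positives. Extend per environment.
BENIGN_4CHAR = {".docx", ".xlsx", ".pptx", ".jpeg", ".json", ".html",
                ".tiff", ".webp", ".yaml", ".conf", ".mpeg", ".flac"}


def classify(path: str) -> str:
    """Return 'astralocker', 'yashma', 'yashma-candidate' or 'unaffected'."""
    ext = PureWindowsPath(path).suffix   # last extension only, e.g. ".x7k2"
    # Assumption: fixed extensions are compared case-insensitively.
    if ext.lower() in ASTRALOCKER_EXTS:
        return "astralocker"
    if ext.lower() == YASHMA_FIXED_EXT:
        return "yashma"
    # The random pattern is too broad to be conclusive on its own, so a match
    # is only reported as a candidate for manual review.
    if YASHMA_RANDOM_RE.fullmatch(ext) and ext not in BENIGN_4CHAR:
        return "yashma-candidate"
    return "unaffected"


def triage(paths):
    """Group affected paths by the decryptor that would apply."""
    groups = {"astralocker": [], "yashma": [], "yashma-candidate": []}
    for p in paths:
        label = classify(p)
        if label in groups:
            groups[label].append(p)
    return groups


# Constructed sample paths, for illustration only.
SAMPLE_PATHS = [
    r"C:\Users\bob\Documents\budget.xlsx.Astra",
    r"C:\Users\bob\Documents\db.bak.babyk",
    r"C:\Users\bob\Pictures\photo.png.AstraLocker",
    r"C:\Users\bob\Pictures\scan.pdf.x7k2",
    r"C:\Users\bob\Documents\report.docx",
    r"C:\Users\bob\Documents\README",
]
```

Treat yashma-candidate results as leads to verify by hand, since ordinary files such as notes.2021 also fit the pattern.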


Emsisoft also recommends that victims of AstraLocker and Yashma whose systems have been compromised via Windows Remote Desktop change passwords for all accounts with remote access permissions, as well as look for other local accounts that may have been added by hackers.

By Vladimir Krasnogolovy
