Emsisoft has released a free decryption tool for files affected by AstraLocker and Yashma ransomware attacks.
Let me remind you that last week AstraLocker operators announced that the malware was ending its work and uploaded tools to VirusTotal to decrypt files affected by AstraLocker and Yashma attacks. The hackers said that they do not plan to return to ransomware in the future, but intend to switch to cryptojacking.
Let me remind you that we also said that Free decryptor for BlackByte ransomware was published, and also that Cybersecurity specialists released a free decryptor for Lorenz ransomware.
While the malware developer did not disclose why AstraLocker suddenly stopped working, media outlets have speculated that this may be due to recently published reports from cybersecurity experts who have studied this malware. This could bring AstraLocker to the attention of law enforcement.
Using the published data, Emsisoft experts have created a free tool to rescue affected information, which is already available for download from the company’s servers. Also, experts have prepared instructions for using their decryptor.
Emsisoft also recommends that victims of AstraLocker and Yashma whose systems have been compromised via Windows Remote Desktop change passwords for all accounts with remote access permissions, as well as look for other local accounts that may have been added by hackers.