Today, ESET announced the release of a AES-NI decryption tool for victims whose data has been encrypted by Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C (also known as XData). The AES-NI decryption tool is based on keys recently released via Twitter and a help forum for ransomware victims. “The decryption tool works for files encrypted by the offline RSA key used by the AES-NI variant B, which adds the extensions .aes256, .aes_ni, and .aes_ni_0day as well as for the so-called XData variant adding .~xdata~ to the affected files”, explains Ondrej Kubovič, Security Specialist at ESET. Victims who still have their encrypted files can now download the decryptor from ESET’s utilities page. For additional information on how to use the tool and detailed information on specific cases where the decryptor can’t help, please refer to ESET Knowledgebase. More background information on what appears to be the malware creators’ demise, and how to protect yourself from ransomware, can be found at ESET’s official blog, WeLiveSecurity.
About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 200 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.