ESET Releases Ransomware Decryptor to Help Victims of AES-NI and XData Get Their Files Back

Today, ESET announced the release of an AES-NI decryption tool for victims whose data has been encrypted by Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C (also known as XData). The AES-NI decryption tool is based on keys recently released via Twitter and a help forum for ransomware victims.

“The decryption tool works for files encrypted by the offline RSA key used by the AES-NI variant B, which adds the extensions .aes256, .aes_ni, and .aes_ni_0day as well as for the so-called XData variant adding .~xdata~ to the affected files”, explains Ondrej Kubovič, Security Specialist at ESET.

Victims who still have their encrypted files can now download the decryptor from ESET’s utilities page. For additional information on how to use the tool and detailed information on specific cases where the decryptor can’t help, please refer to ESET Knowledgebase.

More background information on what appears to be the malware creators’ demise, and how to protect yourself from ransomware, can be found at ESET’s official blog, WeLiveSecurity.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on LinkedIn, Facebook and Twitter.