ESET releases ransomware decryptor to help XData and AES-NI victims retrieve files

Next story

Today, ESET announced the release of a AES-NI decryption toolfor victims whose data has been encrypted by Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C (also known as XData). The AES-NI decryption tool is based on keys recently released via Twitter and a help forum for ransomware victims.

“The decryption tool works for files encrypted by the offline RSA key used by the AES-NI variant B, which adds the extensions .aes256, .aes_ni, and .aes_ni_0day as well as for the so-called XData variant adding .~xdata~ to the affected files,” explains ESET Security Specialist Ondrej Kubovič.

Victims who still have their encrypted files can now download the decryptor from ESET’s utilities page. For additional information on how to use the tool and detailed information on specific cases where the decryptor can help, please refer to ESET Knowledgebase.

More background information on  what appears to be the malware creators’ demise, and how to protect yourself from ransomware, can be found at on ESET’s security news site, WeLiveSecurity.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on LinkedInFacebook and Twitter.

Media Contact:

Anna Keeve

ESET North America