Ransomware decryption: This tool could help some BianLian ransomware victims get files back

Cybersecurity analysts have launched a decryptor for BianLian ransomware that could enable victims to retrieve their encrypted files without spending a dime — and keep away from paying a ransom demand to cyber criminals. 

BianLian first appeared in August final yr, with a sequence of assaults claiming victims in industries together with media, manufacturing, and healthcare. The assaults have hit organizations world wide, with victims in international locations such because the US, Australia, and the UK. 

Targeting Windows programs, and written in open-source programming language Go, BianLian makes use of an encryption method that divides files into chunks, which helps it to encrypt programs at excessive velocity, in addition to serving to it to keep away from detection earlier than the encryption has been accomplished. 

Once this course of is accomplished, victims are offered with a ransom be aware telling them they have been hit with ransomware and that they should contact the attackers to “restore” their knowledge. Options for doing this embrace an encrypted messaging app or e mail.  

Also: Ransomware has now grow to be an issue for everybody, and never simply tech

The BianLian attackers additionally warn victims that they’ve stolen knowledge and can publish it if they do not obtain a ransom cost inside 10 days. 

But now victims have the prospect to retrieve their files with out paying the ransom, as a result of cybersecurity researchers at Avast have developed and launched a free BianLian ransomware decryption tool. 

However, the researchers warn that the decryptor can solely restore files encrypted by a recognized variant of the BianLian ransomware — new variations that seem will not be decrypted by the tool in its present state.

“For new victims, it may be necessary to find the ransomware binary on the hard drive; however, because the ransomware deletes itself after encryption, it may be difficult to do so,” stated a weblog submit by Avast Threat Research. 

Also: Ransomware: Why it is nonetheless a giant risk, and the place the gangs are going subsequent

The free BianLian ransomware decryptor is accessible to obtain from Avast — and the corporate says it is actively searching for new samples to replace the decryptor, so it may be used towards extra assaults. 

Ransomware continues to be a serious cybersecurity risk to organizations world wide, however falling sufferer is not inevitable.  

Steps that organizations can take to keep away from falling sufferer embrace defending person accounts with multi-factor authentication, making certain that widespread or simply guessable passwords aren’t getting used, and making use of safety updates, which defend programs towards recognized vulnerabilities, as quickly as attainable. 

MORE ON CYBERSECURITY

• Ransomware decryption tool: Victims of MegaCortex can now unlock their files without spending a dime
• Ransomware: This is how half of assaults start, and that is how one can cease them
• The actual value of ransomware is even greater than we realised
• This firm was hit by ransomware. Here’s what they did subsequent, and why they did not pay up
• Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it