The rise of ransomware has given a whole new world of meanings to cyber threat. It’s now one of the dangerous malware forms in that it locks users out of their computer and important files using robust encryption tools. Unless you pay the amount demanded by attackers, you’ll have to look for other ways to recover your data. Fortunately, some of the major security vendors got your back with free decryption tools.
One such security firm is Avast, which recently released four new free tools to decrypt various types of ransomware. The company expanded its roster of decryptors for the new ransomware strains: Alcatraz Locker, CrySiS, Globe, and NoobCrypt. Avast is offering these tools free of charge. So the next time you’re hit with any of these ransomware attacks, check out Avast’s decryptors to retrieve your computer files.
The Alcatraz Locker ransomware first surfaced in November of this year. The ransomware is so called because of the eponymous extension name it appends to files it encrypts. But Alcatraz Locker is not like the typical ransomware in that it does not discriminate target files. That means the ransomware locks any file it can find in the victim’s computer. The ransomware targets only files in the %PROFILES% directory to avoid damaging the operating system, according to Avast.
Avast also belied the ransomware’s lock-screen message that says it uses the AES-256 encryption with a 128-bit password, noting that the password actually uses 128 bytes, not 128 bits. Alcatraz Locker then adds another layer of encryption to the locked files using BASE64.
Alcatraz Locker usually asks victims to pay 0.3283 Bitcoin, or roughly $240, to recover their files. With Avast’s new decryptor, it’s now free to retrieve your precious documents.
CrySiS has begun to infect computers in September 2015 using AES and RSA algorithms for encryption. Unlike other ransomware strains that contain a list of specific target files, CrySiS instead contains a list of files it won’t encrypt.
Globe started its operation in August 2016. The ransomware is written in Delphi and can be modified, thus the rise of many of its variants that uses various extensions to lock files. What is interesting about this ransomware, according to Avast, is the built-in debug mode. Globe uses RC4 or BlowFish encryption to lock documents.
Avast first spotted the NoobCrypt strain in July of this year. It is written in C# and uses AES256 encryption. The ransomware displays a confusing mix of messages: It requests payments in New Zealand Dollars, but also instructs victims to send payments to a Bitcoin address. Although NoobCrypt has a legit unlock code to decrypt files, Avast’s NoobCrypt decryption tool can now unlock all known NoobCrypt versions.