Avast launches four new ransomware decryptors

Edward Hudson By: Edward Hudson
2 minute read

Home » Avast launches four new ransomware decryptors

The rise of ransomware has given a whole new world of meanings to cyber threat. It’s now one of the dangerous malware forms in that it locks users out of their computer and important files using robust encryption tools. Unless you pay the amount demanded by attackers, you’ll have to look for other ways to recover your data. Fortunately, some of the major security vendors got your back with free decryption tools.

One such security firm is Avast, which recently released four new free tools to decrypt various types of ransomware. The company expanded its roster of decryptors for the new ransomware strains: Alcatraz Locker, CrySiS, Globe, and NoobCrypt. Avast is offering these tools free of charge. So the next time you’re hit with any of these ransomware attacks, check out Avast’s decryptors to retrieve your computer files.

Alcatraz Locker

The Alcatraz Locker ransomware first surfaced in November of this year. The ransomware is so called because of the eponymous extension name it appends to files it encrypts. But Alcatraz Locker is not like the typical ransomware in that it does not discriminate target files. That means the ransomware locks any file it can find in the victim’s computer. The ransomware targets only files in the %PROFILES% directory to avoid damaging the operating system, according to Avast.

Avast also belied the ransomware’s lock-screen message that says it uses the AES-256 encryption with a 128-bit password, noting that the password actually uses 128 bytes, not 128 bits. Alcatraz Locker then adds another layer of encryption to the locked files using BASE64.

Alcatraz Locker usually asks victims to pay 0.3283 Bitcoin, or roughly $240, to recover their files. With Avast’s new decryptor, it’s now free to retrieve your precious documents.

CrySiS

CrySiS has begun to infect computers in September 2015 using AES and RSA algorithms for encryption. Unlike other ransomware strains that contain a list of specific target files, CrySiS instead contains a list of files it won’t encrypt.

Globe

Globe started its operation in August 2016. The ransomware is written in Delphi and can be modified, thus the rise of many of its variants that uses various extensions to lock files. What is interesting about this ransomware, according to Avast, is the built-in debug mode. Globe uses RC4 or BlowFish encryption to lock documents.

NoobCrypt

Avast first spotted the NoobCrypt strain in July of this year. It is written in C# and uses AES256 encryption. The ransomware displays a confusing mix of messages: It requests payments in New Zealand Dollars, but also instructs victims to send payments to a Bitcoin address. Although NoobCrypt has a legit unlock code to decrypt files, Avast’s NoobCrypt decryption tool can now unlock all known NoobCrypt versions.

Discussions

Next up

Windows 10 build 18298 revamps File Explorer’s light theme

Giles Ensor avatar. By: Giles Ensor
3 minute read

Microsoft recently rolled out the Windows 10 Build 18298. Let’s see what we can look forward to seeing in the near future. Before we start, […]

Continue Reading

Windows File Protection: Here is all you want to know

Sovan Mandal avatar. By: Sovan Mandal
3 minute read

Windows File Protection happens to be a built-in Windows feature designed to protect critical system files from getting replaced or overwritten, be it inadvertently or […]

Continue Reading

Top 10 USB gadgets for computer to get for this Christmas

Milan Stanojevic avatar. By: Milan Stanojevic
Less than a 1 minute read

Christmas is almost here, and if you’re planning to do so shopping, we suggest that you have a look at these great USB gadgets for […]

Continue Reading