Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains
Antivirus maker and cyber-security firm Avast today released free decryption utilities to recover files that have been encrypted by three ransomware strains: AtomSilo, Babuk, and LockFile.
The AtomSilo and LockFile decrypters are being offered as a single download because of the similarities between the two ransomware strains.
"Both the AtomSilo and LockFile ransomware strains are very similar to each other and except for minor differences, this description covers both of them," Avast said in a blog post today.
Avast said they were able to break the ransomware's encryption scheme and create the decrypter using information shared by Jiří Vinopal, a security researcher at RE-CERT, who posted on Twitter earlier this month that he found a way to crack AtomSilo's encryption and had already created a proof-of-concept decrypter.
Something big -> I just cracked #AtomSilo - one of the Latest Ransomware Family - More information soon. Stay Tuned. (cde07f39b45b883c861f4d4d0c6afb80)
For more information (Only for trusted Security accounts) DM me.
Please help me to reach more People who could be affected!!!
— Jiří Vinopal (@vinopaljiri) October 17, 2021
On the other hand, the Babuk decrypter is being offered separately.
Avast said they created the decrypter using the source code of the original Babuk ransomware, which was shared on a Russian-speaking cybercrime forum at the start of September.
One of the developers for Babuk ransomware group, a 17-year-old person from Russia, has been diagnosed with Stage-4 Lung Cancer. He has decided to leak the ENTIRE Babuk source code for Windows, ESXI, NAS.
You can download the Babuk source here: vx-underground[.]org/tmp/
— vx-underground (@vxunderground) September 3, 2021
In a tweet today, Avast said the source code contained decryption keys for past victims.
However, the decrypter will only work for past Babuk victims whose files were encrypted with either the .babuk or .babyk file extension.
Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.