Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains
Image: Samantha Lam
Catalin Cimpanu October 27, 2021

Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains

Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains

Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains—AtomSilo, Babuk, and LockFile.

The AtomSilo and LockFile decrypters are being offered as one single download because of the similarities between the two ransomware strains.

“Both the AtomSilo and LockFile ransomware strains are very similar to each other and except for minor differences, this description covers both of them,” Avast said in a blog post today.

AtomSilo-decrypter
Image: Avast

Avast said they were able to break the ransomware’s encryption scheme and create the decrypter using information shared by Jiří Vinopal, a security researcher at RE-CERT, who posted on Twitter earlier this month that he found a way to crack AtomSilo’s encryption and had already created a proof-of-concept decrypter.

On the other hand, the Babuk decrypter is being offered separately.

Avast said they created the decrypter using the source code of the original Babuk ransomware, which was shared on a Russian-speaking cybercrime forum at the start of September.

In a tweet today, Avast said the source code contained decryption keys for past victims.

However, the decrypter will only work for past Babuk victims that had files encrypted with either the .babuk or .babyk file extensions only.

Babuk-decrypter
Image: Avast

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.