BleepingComputer reports that CyberArk has made its White Phoenix ransomware decryption tool available on the web, months after releasing the decryptor as a Python project on GitHub. The tool is meant to ease recovery from attacks involving ransomware strains that use intermittent encryption, such as ALPHV/BlackCat, BianLian, DarkBit, Agenda/Qilin, and Play.
Ransomware-impacted organizations and individuals with limited code knowledge could leverage the online White Phoenix decryptor by pressing the "recover" button after uploading Word, Excel, and PowerPoint files, as well as PDFs and ZIPs, according to CyberArk.
Aside from linking unencrypted portions of documents, White Phoenix facilitates text recovery by reversing hex encoding and character mapping scrambling. However, users have been advised to add certain strings when recovering PDFs and ZIP files, and to use the "separate files" option when restoring PDFs with images.
Organizations looking to decrypt virtual machines and larger files have also been advised to use the GitHub version due to the online decryptor's 10MB file size limit.
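The idea of keeping the unencrypted portions of an intermittently encrypted file can be shown on a ZIP container, the format that Word, Excel, and PowerPoint files also use. The following is an added example, not White Phoenix's code and not taken from the report: it scans a damaged archive for local file headers that survived and keeps each deflate member that still passes its CRC-32. The sample archive, its member names, and the overwritten ranges are constructed for illustration.

```python
import io, struct, zipfile, zlib

LOCAL_SIG = b"PK\x03\x04"             # local file header signature
DESC_SIG = b"PK\x07\x08"              # optional data-descriptor signature
HEADER = struct.Struct("<4s5H3I2H")   # 30-byte fixed part of a local header

def read_member(blob, pos):
    """Parse the member whose local header starts at pos; raise if damaged."""
    _, _, flags, method, _, _, crc, _, _, nlen, xlen = HEADER.unpack_from(blob, pos)
    name_at = pos + HEADER.size
    name = blob[name_at:name_at + nlen].decode("utf-8" if flags & 0x800 else "cp437")
    if method != 8:
        raise ValueError("only deflate members are handled in this example")
    inflater = zlib.decompressobj(-15)            # raw deflate, no zlib wrapper
    data = inflater.decompress(blob[name_at + nlen + xlen:])
    if not inflater.eof:
        raise ValueError("deflate stream is cut off")
    if flags & 0x08:                   # CRC is in a descriptor after the data
        end = len(blob) - len(inflater.unused_data)
        end += 4 if blob[end:end + 4] == DESC_SIG else 0
        (crc,) = struct.unpack_from("<I", blob, end)
    if not name or zlib.crc32(data) != crc:
        raise ValueError("CRC mismatch: member data is damaged")
    return name, data

def salvage(blob):
    """Return {name: bytes} for every member that still passes its CRC."""
    found, pos = {}, blob.find(LOCAL_SIG)
    while pos != -1:
        try:
            name, data = read_member(blob, pos)
            found[name] = data
        except (ValueError, struct.error, zlib.error):
            pass                       # header or data fell in an encrypted chunk
        pos = blob.find(LOCAL_SIG, pos + 4)
    return found

def damaged_sample():
    """Constructed input: 3-member ZIP, member 2's data and the tail overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in ("a.xml", "b.xml", "c.xml"):
            zf.writestr(n, (n.encode() + b" sample text ") * 20)
        off = [i.header_offset for i in zf.infolist()]
    raw = bytearray(buf.getvalue())
    lo, hi = off[1] + 40, off[2]       # keep b.xml's header, overwrite its data
    raw[lo:hi] = bytes((i * 37 + 11) % 256 for i in range(hi - lo))
    raw[-40:] = bytes(40)              # wipe the end-of-central-directory record
    return bytes(raw)
```

A standard ZIP reader rejects the sample outright because the central directory record is gone, while `salvage(damaged_sample())` still returns the two members whose data was untouched.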