BleepingComputer reports that Avast has issued a free decryption tool for various Hades ransomware variants including BrutusptCrypt, Jcrypt, MafiaWare666, and RIP Lmao.
Such a decryptor has been developed following Avast researchers' discovery of a vulnerability in Hades' encryption scheme but the efficacy of the tool in decrypting newer or unknown Hades samples with a different encryption scheme is uncertain. Moreover, only files with the .brutusptCrypt, .bmcrypt, .cyberone, .jcrypt, .l33ch, and .MafiaWare666 extensions could be decrypted with the free tool. After downloading the tool, Hades ransomware victims have been tasked to point it to a sample pair of encrypted and original files. While those with valid passwords for file decryption could input the password into the decryptor themselves, the decryptor could manually crack the password to commence the decryption process. Users are then recommended to tick the options for performing encrypted file backups and executing the process as administrator before beginning file decryption.
Numerous Ukrainian organizations have been compromised by a wave of attacks using the novel .NET-based RansomBoggs ransomware strain, which resembled prior attacks by the Russian state-sponsored threat operation Sandworm, reports The Hacker News.
Cincinnati State Technical and Community College has been impacted by a Vice Society ransomware attack, with allegedly stolen data being leaked by the attackers on their Tor data leak site, BleepingComputer reports.