Emsisoft releases free decryptors for AstraLocker and Yashma ransomware

Victims of the AstraLocker and Yashma ransomware can recover their files with a free decryptor from Emsisoft. Pictured: Computers are plugged into a server at Joint Base Elmendorf-Richardson, Alaska, Nov. 20, 2017. (U.S. Air Force)

Emsisoft on Thursday released a free decryptor that lets victims of the AstraLocker and Yashma ransomware recover their files without having to pay a ransom.

The company explained that AstraLocker is ransomware based on the leaked Babuk source code and encrypts files using a modified HC-128 encryption algorithm and Curve25519. The extension ".Astra" or ".babyk" is appended to files.

On the Yashma front, Emsisoft said this ransomware is distributed under the name "AstraLocker 2.0" and is based on the Chaos ransomware builder, using a combination of AES-128 and RSA-2048 to encrypt files. The researchers said the extension ".AstraLocker" or a random four-character alphanumeric extension is appended to files.

Ransomware has become lucrative, and as more ransomware groups come to market, access brokering will grow in demand, said Davis McCarthy, principal security researcher at Valtix.

“As access brokering grows, the need for reliable and innovative delivery methods will grow, as well,” McCarthy said. “Latent malware infections may become ticking time-bombs, with remote access just waiting to be sold to the highest bidder. Proactive security processes, like threat hunting, aid in detecting emerging threats that lead to ransomware.”

Charles Medina, a security engineer at Token, said back-to-back years of cybersecurity talent shortages have left, and continue to leave, organizations vulnerable until there’s a global fundamental change in how we practice cybersecurity.

“Companies, open source groups and ‘hobby’ security professionals providing free and open training to the public and enterprise entities are extremely important and vital to good offensive/defensive security approaches,” Medina said.
