XData ransomware decryptor tool released

Doug OlenickMay 31, 2017

ESET has created and released a decryption tool for AESNI, or XData, ransomware variants.

Anyone infected by the malware, also known as Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C, can use the ESET tool. The decryptor works on files encrypted with the RSA key used by AES-NI variant B, which adds the extensions .aes256, .aes_ni, and .aes_ni_0day to the affected files, as well as files affected by AES-NI variant C (or XData) with the extensions .~xdata~ to any files it encrypts.

The tool may have come just in time as an uptick in the use of XData has recently been spotted with most infection taking place between May 17 and May 22. Just before this wave of attacks, Bleeping Computer reported that XData's developer said the ransomware's code had been stolen in February or March.

Doug Olenick

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

Ransomware

CISA to deploy automated vulnerability warning program by year end

SC StaffApril 25, 2024

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that the agency's automated vulnerability warning program will be ready for full deployment by the end of the year, according to CyberScoop.

cyber threat risk management , malware and virus prevention , security awareness

Network Security

Ongoing global malware attack campaign seeks network compromise

SC StaffApril 25, 2024

Organizations in the Americas, Europe, and Asia have been subjected to the ongoing FROZEN#SHADOW attack campaign that involved the distribution of the stealthy SSLoad malware alongside Cobalt Strike and ConnectWise ScreenConnect software to compromise networks, reports The Hacker News.

Vulnerability Management

Ukrainian documents laced with old malware exposed

SC StaffApril 24, 2024

CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news