xdataglobal
xdataglobal

ESET has created and released a decryption tool for AESNI, or XData, ransomware variants.

Anyone infected by the malware, also known as Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C, can use the ESET tool. The decryptor works on files encrypted with the RSA key used by AES-NI variant B, which adds the extensions .aes256, .aes_ni, and .aes_ni_0day to the affected files, as well as files affected by AES-NI variant C (or XData) with the extensions .~xdata~ to any files it encrypts.

The tool may have come just in time as an uptick in the use of XData has recently been spotted with most infection taking place between May 17 and May 22. Just before this wave of attacks, Bleeping Computer reported that XData's developer said the ransomware's code had been stolen in February or March.