Cybersecurity analysts have just released a decryption tool for BianLian ransomware, which should allow victims to recover their encrypted files for free, and thus avoid paying a ransom to cybercriminals.
BianLian first emerged in August 2022, with a series of attacks resulting in casualties across multiple sectors including media, manufacturing and healthcare. These attacks have affected organizations around the world.
Nice write up for of BianLian ransomware by @Avast and great job releasing a decryptor. https://t.co/XBiBbggpNq
— Allan “Ransomware Sommelier?” Liska (@uuallan) January 16, 2023
A free decryption tool
Victims of this malware now have the option to recover their files without paying the ransom.
Avast cybersecurity researchers have indeed developed and released a free BianLian ransomware decryption tool. It can be downloaded from the Avast site.
However, researchers warn that the decryptor can only restore files encrypted by a known variant of BianLian ransomware. New versions that appear will not be able to be decrypted by the tool in its current state.
Written in GB
“For new victims, it may be necessary to find the ransomware binary on the hard drive,” an operation complicated by the fact that the ransomware deletes itself after encryption, says a blog post from Avast Threat Research . The company says it is actively researching new samples to update the decryptor, so it can be used against more attacks.
Targeting Windows systems and written in the open-source Go programming language, BianLian uses an encryption technique that breaks files into pieces. This allows it to encrypt systems at high speed and avoid detection before the encryption is complete. Once this process is complete, victims receive a ransom note telling them that they have been targeted by the ransomware and should contact the attackers to ‘restore’ their data.
To do this, they must use a messaging application or an encrypted email. BianLian attackers also warn victims that they have stolen data and will release it if they do not receive the ransom payment within 10 days.
Prevention is better than cure
While ransomware is still a major threat worldwide, organizations can protect themselves against it by implementing several cybersecurity measures. For example, by enabling multi-factor authentication or requiring strong passwords. Don’t overlook security updates either, which should be applied as soon as they become available.
Source: ZDNet.com