mood Posted January 11, 2021

Darkside Ransomware Decryption Tool

We’re happy to announce the availability of a decryptor for Darkside. This family of ransomware has emerged in August 2020 and operates under a ransomware-as-a-service business model.

How to use this tool

Step 1: Download the decryption tool below and save it on your computer.

Download the DarkSide Ransomware decryptor

Step 2: Double-click the file (previously saved as BDDarkSideDecryptor.exe) and allow it to run.

Step 3: Select “I Agree” in the License Agreement screen.

Note: The tool attempts to identify the file extension of the encrypted files automatically. In this example, the encrypted files have the *.e392d905 extension. Please make sure that you have encrypted files on the system you are running the tool.

Step 4: Select “Scan Entire System” if you prefer the tool to search for all encrypted files. Alternatively, add the path to the location you previously moved the encrypted files. We strongly recommend that you also select “Backup files” before starting the decryption process to avoid potential loss or corruption during decryption. Then press “Start Tool”.

At the end of this step, your files should be decrypted.

If you encounter any issues, please contact us at [email protected].

If you have checked the backup option, you will see both the encrypted and decrypted files. You can also find a log of the decryption process in the %temp%\BDRemovalTool folder.

To remove the encrypted files left behind, you should search for files matching the extension and mass-remove them. We do not encourage you to do this until you made sure that your files can be opened safely and there is no damage to the decrypted files.

Acknowledgement: This product may include software developed by the OpenSSL Project, for use in the OpenSSL Toolkit (http://www.openssl.org/)

Source: Darkside Ransomware Decryption Tool
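The cleanup step in the post above (verify the decrypted files before mass-removing the encrypted leftovers) can be scripted. The following is an added example, not part of the original post or of Bitdefender's tool; it assumes each decrypted file sits next to its encrypted copy under the same name without the ransomware extension, and the `MAGIC` table, function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumed file-header signatures for a few common formats (extend as needed).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def check_decrypted(path: Path) -> str:
    """Return 'ok' or the reason the decrypted copy should not be trusted yet."""
    if not path.is_file():
        return "missing decrypted copy"
    if path.stat().st_size == 0:
        return "decrypted copy is empty"
    magic = MAGIC.get(path.suffix.lower())
    if magic:
        with path.open("rb") as fh:
            if fh.read(len(magic)) != magic:
                return "header does not match file type"
    return "ok"

def plan_cleanup(root, enc_ext):
    """Split encrypted leftovers into (safe_to_remove, keep_with_reason)."""
    safe, keep = [], []
    for enc in sorted(Path(root).rglob("*" + enc_ext)):
        # Assumption: decrypted copy is the same name minus the extension.
        plain = enc.with_name(enc.name[: -len(enc_ext)])
        verdict = check_decrypted(plain)
        if verdict == "ok":
            safe.append(enc)
        else:
            keep.append((enc, verdict))
    return safe, keep

def remove(paths, dry_run=True):
    """Delete only when dry_run is False; return the paths considered."""
    for p in paths:
        if not dry_run:
            p.unlink()
    return list(paths)

def demo():
    """Constructed tree: one good pair, one corrupt copy, one missing copy."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "a.pdf").write_bytes(b"%PDF-1.7 constructed")
        (root / "b.png").write_bytes(b"garbage")
        for name in ("a.pdf", "b.png", "c.txt"):
            (root / (name + ".e392d905")).write_bytes(b"\x00" * 8)
        safe, keep = plan_cleanup(root, ".e392d905")
        remove(safe, dry_run=False)
        left = sorted(p.name for p in root.iterdir())
        return [p.name for p in safe], [(p.name, r) for p, r in keep], left
```

A matching header is only a quick sanity check; opening a sample of the decrypted files remains the real test before deleting anything.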
mood Posted January 11, 2021

DarkSide ransomware decryptor recovers victims' files for free

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom.

DarkSide is a human-operated ransomware that has already earned millions in payouts since it started targeting enterprises in August 2020.

The operation has seen a spike in activity between October and December 2020 when the amount of DarkSide sample submissions on the ID-Ransomware platform more than quadrupled.

Image: ID-Ransomware

Download the DarkSide decryptor

The DarkSide ransomware decryption tool can be downloaded from BitDefender and it will allow you to scan your entire system or just a single folder for encrypted files.

The decryptor will automatically decrypt all encrypted documents it finds on your computer and, once it's done, it will remind you to backup your data in the future.

"To remove the encrypted files left behind, you should search for files matching the extension and mass-remove them," Bitdefender said. "We do not encourage you to do this until you made sure that your files can be opened safely and there is no damage to the decrypted files."

DarkSide ransomware decryptor (Bitdefender)

RaaS asks for millions as ransom

DarkSide operates under a ransomware-as-a-service business model and the gang is made out of former affiliates who have already made millions working with other ransomware operations.

After encrypting their victims' systems, they will charge different amounts depending on the amount of devices encrypted and if they were able to steal data from the victim.

From previous DarkSide attacks documented by BleepingComputer, its ransom demands range from $200,000 to $2,000,000, depending on the size of the compromised organizations.

In November, the DarkSide gang announced that they were building a distributed and sustainable storage system hosted in Iran and in other "unrecognized republics."

Since the U.S. government has sanctions against Iran, DarkSide ransom payments could be used to pay Iranian hosting providers which could expose victims to fines due to sanction violations.

By hosting some of their servers in Iran, DarkSide's plans could lead to additional hurdles businesses will have to deal with when deciding if they will pay the ransom.

The release of this free decryptor makes it a lot easier to deal with the aftermath of a DarkSide attack by restoring files on encrypting systems.

However, DarkSide affiliates will still use the files they steal before deploying the ransomware on the network as a leverage in their extortion attempts.

Source: DarkSide ransomware decryptor recovers victims' files for free
Archived
This topic is now archived and is closed to further replies.