Good news for the victims of the Aurora Ransomware: there are many variants of this Windows malware, but most of the victims have been infected by the version that appends the
Attackers infect systems through Remote Desktop Services access. Once files are encrypted, the ransomware creates a ransom note on the Windows desktop and in various folders on the computer.
Now the popular malware researcher Michael Gillespie has developed a decryptor that allows the
The decryptor supports the variants that append the following extensions to the encrypted files:
.Nano
.animus
.Aurora
.desu
.ONI
.aurora
To decrypt files encrypted by the Aurora ransomware, victims need to download and execute the Aurora Decryptor.
To start
.png, .gif, .pdf, .docx, .xlsx, .pptx, .doc, .xls, .ppt, .vsd, .psd, .mp3, .wmv, .zip, .rar, .pst, .rtf, .mdb, .ico, .lnk, .fdb, .jar, and .idx
Once the two encrypted files are selected, the victims can start the BruteForcer. The process could be time-consuming, but don’t worry.
The process will end with the discovery of the decryption key. On closing the BruteForcer, the key will be automatically loaded into the decryptor.
Now the users can choose to decrypt a directory by selecting it or to decrypt an entire drive by selecting the drive letter.
“When it has finished, the decryptor will display a summary of the
Note that the original encrypted files will remain on the victim’s computer until the victim confirms that they have been properly decrypted.
“you can use CryptoSearch to move all the encrypted files into one folder so you can delete or archive them.” suggests Lawrence Abrams.
(SecurityAffairs – Aurora Ransomware, malware)