Emsisoft released a free decryptor for the Ims00rry ransomware

Security experts at Emsisoft released a new decryptor, it could be used for free by victims of the Ims00rry ransomware to decrypt their files.

Thanks to the experts at Emsisoft the victims of the Ims00rry ransomware can decrypt their files for free.

The Ims00rry ransomware used AES-128 algorithm for the encryption process. Unlike most of the ransomware, Ims00rry and doesn’t append an extension to the filenames of the encrypted files. Instead, the ransomware adds the text “—shlangan AES-256—” before the contents of the files. Authors of the malware ask the victim to contact them through the Telegram account @Ims00rybot.

Crooks demands a 50$ ransom worth of Bitcoin to decrypt the files.

Below the text of the ransom note:

I am sorry!!!
My friend. I want to start my own business, but i have no money.
All your files photos, databases, documents and other important are encrypted with strongest encryption and algorithms RSA 4096, AES-256.
If you want to restore your files payment and write to Telegram bot
Price decrypt software is $50.
Attention!!!
Do not rename or move the encrypted files.
Bitcoin wàllet:
1tnZbveCXmqRS1gfZSxztG5MbdJhptaqu

Contact Telegram bot:
@Ims00rybot

Emsisoft release the detailed usage guide for the decryptor that is available here.

In May Emsisoft experts released free Decrypter tools for other threats, the JSWorm 2.0 and GetCrypt.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]