December 8, 2022
Cybersecurity Company Avast releases free decryptor for Hades ransomware variants

Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the ransom.

Avast security firm now suggested the victims of Hade’s ransomware gangs to avoid paying any ransom to these threat actors. 

Avast discovered a flaw in the encryption scheme of the Hades strain, allowing some of the variants to be unlocked. 

However, this may not apply to newer or unknown samples that use a different encryption system.

The experts pointed out that the Hades ransomware affected by the flaw did not exfiltrate any data from the victims.

For example, MafiaWare666 is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. The malicious code encrypts files using AES encryption.

Avast is the firm that consistently offers a ransomware decryptor and it is a well-known cybersecurity company.

It should be noted that this Hades ransomware family is different from the Hades ransomware used by Evil Corp in an attack on ForwardAir.

This time Avast has found a way to skip the part wherein ransomware victims would have to pay staggering amounts of ransom. And to do so, various cybersecurity platforms have begun providing decryptors for various variants of ransomware.

The Avast decryptor only supports files encrypted by specific variants of the Hades ransomware family. 

Check out the supported extensions and strings that are given below:

  • .MafiaWare666
  • .jcrypt
  • .brutusptCrypt
  • .bmcrypt
  • .cyberone
  • .l33ch

If you are a victim of one of these variants, you can download the free decryptor from here, run the executable, select the drive that holds the encrypted files, and point the tool to a sample pair of encrypted and original files.

For a step-by-step guide on how to use the decryptor, you can read Avast’s blog post.

Leave a Reply

Your email address will not be published. Required fields are marked *