Security firm releases free Diavol ransomware decryptor tool

Ddos March 23, 2022 2 minutes read

Security firm Emsisoft, which specializes in fighting ransomware, has released a free Diavol ransomware decryptor tool. Diavol ransomware associated with the TrickBot botnet. Using the Diavol ransomware decryptor tool, users can decrypt files encrypted by Diavol for free, and the encrypted file formats include .lock64 and so on.

Diavol usually asks ransom demands between $10,000 and $500,000. And if victims contact them to negotiate, they can often continue to drive down prices. Diavol is still a relatively humble ransomware gang. Other ransomware associated with TrickBot, such as Conti and Ryuk, usually asks demands millions or even tens of millions of dollars in ransom. Of course, users are not recommended to pay ransoms in principle, because paying ransoms will only encourage more hackers to engage in the ransomware industry.

the decryptor released by Emsisoft is called Emsisoft Decryptor for Diavol. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data,” Emsisoft explains.”By default, the decryptor will pre-populate the locations to decrypt with the currently connected drives and network drives.”

The decryptor also supports decrypting large files, but due to technical limitations, large files may only be partially decrypted, but not all of them can be successfully decrypted.

Unlike other ransomware gangs that use AES encryption, Diavol uses asynchronous invocations of an asymmetric encryption algorithm, and the ransomware gang isn’t obfuscating, and when the data encryption is done, the Windows wallpaper is replaced with black and shows that all your files are encrypted.

Download

Via: bleepingcomputer