The decryptor works on .amnesia files on victims' devices

May 8, 2017 14:19 GMT

A new decryption tool for ransomware victims has been released, this time for those affected by the Amnesia Ransomware.

Over the weekend, Emsisoft announced they had a new decryptor ready for Amnesia, a ransomware that was spotted just earlier this month. According to the company's CTO and malware researcher Fabian Wosar, a second variant of the malware, called CryptoBoss, has also been released.

This new family of ransomware was named Amnesia based on the extension that gets added to encrypted files by the first variant (.amnesia).

The CryptoBoss variant has yet to get a decryptor, but researchers are working on it.

Amnesia victims, however, are lucky to have this tool available. The ransom note can be found in each folder that holds an encrypted file. The note is a file named "HOW TO RECOVER ENCRYPTED FILES.TXT"; it contains a personal ID, which the note asks victims to include in an email sent to an address given in the file.

How does it work?

To decrypt your files, first download the decryptor. For it to work, you need an encrypted file together with its unencrypted version; drag and drop both onto the executable. A good way to find such a pair is to look for the sample pictures found in the default Windows folders.

It may take a while for the decryptor to discover the key that was used to encrypt the files, but once found, that key can be used to fix all the files on your computer.

The decryptor will automatically display a list of drives that will be decrypted, and if any are left out, you can add them on your own. Once everything is there, you can click the Decrypt button to start the process, and you'll see each file listed as it gets fixed.

The encrypted files may still be on your computer, so make sure you have properly decrypted all the files before removing or archiving the affected ones.