Cybersecurity analysts have released a decryptor for BianLian ransomware that could allow victims to retrieve their encrypted files for free — and avoid paying a ransom demand to cyber criminals.
BianLian first appeared in August last year, with a series of attacks claiming victims in industries including media, manufacturing, and healthcare. The attacks have hit organizations around the world, with victims in countries such as the US, Australia, and the UK.
Targeting Windows systems, and written in open-source programming language Go, BianLian uses an encryption technique that divides files into chunks, which helps it to encrypt systems at high speed, as well as helping it to avoid detection before the encryption has been completed.
Once this process is completed, victims are presented with a ransom note telling them they’ve been hit with ransomware and that they need to contact the attackers to “restore” their data. Options for doing this include an encrypted messaging app or email.
The BianLian attackers also warn victims that they’ve stolen data and will publish it if they don’t receive a ransom payment within 10 days.
But now victims have the chance to retrieve their files without paying the ransom, because cybersecurity researchers at Avast have developed and released a free BianLian ransomware decryption tool.
However, the researchers warn that the decryptor can only restore files encrypted by a known variant