Cybersecurity analysts have released a decryptor for BianLian ransomware that could allow victims to retrieve their encrypted files for free — and avoid paying a ransom demand to cyber criminals.
BianLian first appeared in August last year, with a series of attacks claiming victims in industries including media, manufacturing, and healthcare. The attacks have hit organizations around the world, with victims in countries such as the US, Australia, and the UK.
Targeting Windows systems, and written in open-source programming language Go, BianLian uses an encryption technique that divides files into chunks, which helps it to encrypt systems at high speed, as well as helping it to avoid detection before the encryption has been completed.
Once this process is completed, victims are presented with a ransom note telling them they’ve been hit with ransomware and that they need to contact the attackers to “restore” their data. Options for doing this include an encrypted messaging app or email.
Also: Ransomware has now become a problem for everyone, and not just tech
The BianLian attackers also warn victims that they’ve stolen data and will publish it if they don’t receive a ransom payment within 10 days.
But now victims have the chance to retrieve their files without paying the ransom, because cybersecurity researchers at Avast have developed and released a free BianLian ransomware decryption tool.
However, the researchers warn that the decryptor can only restore files encrypted by a known variant of the BianLian ransomware — new versions that appear won’t be decrypted by the tool in its current state.
“For new victims, it may be necessary to find the ransomware binary on the hard drive; however, because the ransomware deletes itself after encryption, it may be difficult to do so,” said a blog post by Avast Threat Research.
Also: Ransomware: Why it’s still a big threat, and where the gangs are going next
The free BianLian ransomware decryptor is available to download from Avast — and the company says it’s actively looking for new samples to update the decryptor, so it can be used against more attacks.
Ransomware continues to be a major cybersecurity threat to organizations around the world, but falling victim isn’t inevitable.
Steps that organizations can take to avoid falling victim include protecting user accounts with multi-factor authentication, ensuring that common or easily guessable passwords aren’t being used, and applying security updates, which protect systems against known vulnerabilities, as soon as possible.
MORE ON CYBERSECURITY