Free decryption tools for AtomSilo, Babuk, and LockFire ransomware released by Avast

Graham Cluley
Graham Cluley
@[email protected]

Avast releases free decryption tools for AtomSilo, Babuk, and LockFire ransomware victims

There is some more good news for those who have fallen foul of ransomware.

Czech security firm Avast has developed decryption utilities for victims of not one, not two, but three different ransomware strains – meaning that victims who have been hit may be spared paying a ransom to their attackers.

The ransomware in question is Babuk, LockFire, and AtomSilo.

Atomsilo encrypted files

In a blog post, Avast’s researchers explained that their decryption tool tackled both AtomSilo and Lockfire ransomware strains.

Avast also credited malware analyst Jiří Vinopal for his vital role in making the decryption tool possible, after he spent his free time analysing and finding weaknesses in the AtomSilo and LockFile encryption algorithms.

Unfortunately, there are some limitations on what can be decrypted by the tool, as the Avast blog explains:

The Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. For that reason, some files may not be decrypted. This can include files with proprietary or unknown format, or with no format at all, such as text files.

Nonetheless, the tool is clearly a massive aid for victims of the ransomware who do not have access to clean backups or are unable/unwilling to pay extortionists.

Sign up to our free newsletter.
Security news, advice, and tips.

In addition, Avast has also released a free decryption tool for the Babuk ransomware.

Avast was able to create its Babuk decryptor following an analysis of the ransomware’s source code which was leaked onto the internet in September.

According to reports at the time, the Babuk source code was released after one of its developers (a 17-year-old Russian) was “diagnosed with stage 4 lung cancer.”

Code released

Avast says that its Babuk decryption tool will work for past victims whose encrypted files had been given the .babuk or .babyk file extensions.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.