Free decryption tools for AtomSilo, Babuk, and LockFile ransomware released by Avast

Graham Cluley

Avast releases free decryption tools for AtomSilo, Babuk, and LockFile ransomware victims

There is some more good news for those who have fallen foul of ransomware.

Czech security firm Avast has developed decryption utilities for victims of not one, not two, but three different ransomware strains – meaning that victims who have been hit may be spared paying a ransom to their attackers.

The ransomware in question is Babuk, LockFile, and AtomSilo.

Atomsilo encrypted files

In a blog post, Avast’s researchers explained that their decryption tool tackled both the AtomSilo and LockFile ransomware strains.

Avast also credited malware analyst Jiří Vinopal for his vital role in making the decryption tool possible, after he spent his free time analysing and finding weaknesses in the AtomSilo and LockFile encryption algorithms.

Unfortunately, there are some limitations on what can be decrypted by the tool, as the Avast blog explains:

The Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. For that reason, some files may not be decrypted. This can include files with proprietary or unknown format, or with no format at all, such as text files.

Nonetheless, the tool is clearly a massive aid for victims of the ransomware who do not have access to clean backups or are unable/unwilling to pay extortionists.
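The limitation quoted above is easy to see in a post-recovery check. The following is an added example, not Avast's code and not a description of how its decryptor is implemented: it sorts recovered files into those whose header matches a well-known format signature, those whose header does not match (recovery probably failed), and those with no fixed header to test at all, such as text files. The file names and contents are constructed sample data.

```python
from pathlib import PurePath

# Leading-byte signatures ("magic numbers") for a few common formats.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
    ".xlsx": [b"PK\x03\x04"],
}


def check_recovered(name: str, data: bytes) -> str:
    """Classify a recovered file as 'verified', 'mismatch' or 'unverifiable'."""
    ext = PurePath(name).suffix.lower()
    magics = SIGNATURES.get(ext)
    if magics is None:
        # No fixed header exists for this type, so success cannot be confirmed.
        return "unverifiable"
    if any(data.startswith(m) for m in magics):
        return "verified"
    # A known format whose header is wrong: the content is likely still encrypted.
    return "mismatch"


def triage(files: dict) -> dict:
    """Group file names by verification status, in sorted order."""
    report = {"verified": [], "mismatch": [], "unverifiable": []}
    for name, data in sorted(files.items()):
        report[check_recovered(name, data)].append(name)
    return report


# Constructed sample: name -> first bytes of the recovered file.
SAMPLE = {
    "invoice.pdf": b"%PDF-1.7\n",
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "budget.xlsx": b"\x8f\x11\xa0\x3c\x77\x02",  # random-looking header
    "notes.txt": b"meeting at 10",
    "export.dat": b"\x00\x01",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status}: {names}")
```

Files reported as unverifiable need a manual check or a comparison against a known-good copy before they are trusted.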


In addition, Avast has also released a free decryption tool for the Babuk ransomware.

Avast was able to create its Babuk decryptor following an analysis of the ransomware’s source code which was leaked onto the internet in September.

According to reports at the time, the Babuk source code was released after one of its developers (a 17-year-old Russian) was “diagnosed with stage 4 lung cancer.”

Code released

Avast says that its Babuk decryption tool will work for past victims whose encrypted files had been given the .babuk or .babyk file extensions.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
