Avast has released a decryptor for variants of the MafiaWare666 ransomware known as ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ allowing victims to recover their files for free.
The security company says it discovered a flaw in the encryption scheme of the MafiaWare666 strain, allowing some of the variants to be unlocked. However, this may not apply to newer or unknown samples that use a different encryption system.
Utilizing Avast’s tool, victims of the supported ransomware variants can decrypt and access their files again without paying a ransom to the attackers, which ranges between $50 and $300. However, ransom demands reached tens of thousands in some cases.
It should be noted that Avast states that MafiaWare666 also called ‘Hades,’ which is not the same as the Hades ransomware used by Evil Corp in an attack on ForwardAir.
The ransomware family targeted by this encryptor is a lower-level operation that did not perform data theft and double-extortion attacks.
Using the MafiaWare666 decryptor
The Avast decryptor only supports files encrypted by specific variants of the MafiaWare666 ransomware family. These variants include the following extensions and strings appended/prepended to an encrypted file’s name:
- .MafiaWare666
- .jcrypt
- .brutusptCrypt
- .bmcrypt
- .cyberone
- .l33ch
If you were affected by one of these variants, you can download the free decryptor from here, run the executable, select the drive that holds the encrypted files, and point the tool to a sample pair of encrypted and original files.
Those who possess a valid password for decrypting the files but couldn’t get the decryptor supplied by MafiaWare666 to work can tick the box and provide it onto Avast’s tool.
Most victims don’t have a password, so they will have to wait for Avast’s tool to crack it manually, which may take some time.
After the password is found, the users can initiate the decryption process. At this stage, it is highly recommended to tick the boxes to back up the encrypted files and run the tool as an administrator.
It is important to stress that you should enable the option to back up encrypted files, as if there is a problem with the decryptor, the encrypted files can become further corrupted.
For a step-by-step guide on using the decryptor, you can read Avast’s blog post.
Source: https://www.bleepingcomputer.com/news/security/avast-releases-free-decryptor-for-mafiaware666-ransomware-variants/