Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom.
The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool.
“The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they released a total of 8 keys,” reads one of the tweets.
“The Yashma decryptor is for the Chaos-based one using .AstraLocker or a random .[a-z0-9]{4} extension, and they released a total of 3 keys.”
Emsisoft also warned AstraLocker and Yashma Ransomware victims to take precautions before using the decryptor.
“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” the company said in the instructions on how to use the tool.
Further, the company issued additional recommendations in case the victim’s systems were targeted via the windows remote desktop (WRD) feature.
“If your system was compromised through [WRD], we also recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added,” Emsisoft wrote.
The release of the decryption tool comes days after the threat actor behind AstraLocker told BleepingComputer they were shutting down the operation with the intention of pivoting to crypto mining.
“It was fun, and fun things always end sometime. I’m closing the operation, decryptors are in zip files, clean. I will come back,” AstraLocker’s developer told the tech publication. “I’m done with ransomware for now. I’m going in cryptojaking lol.”
For context, decryption tools are relatively rare in the ransomware world. However, they are sometimes created by particularly pro-active cybersecurity companies and, in extremely rare cases, offered by the attackers themselves.