The online community was threatened by approximately 200 new ransomware viruses last year. Malware researchers pointed out that the growth of ransomware attacks increased by 105%, making ransomware the most dangerous and fastest growing cyber threats. The damage of the file-encrypting viruses is obvious; only a few of them are decryptable. As a result, victims often consider to get back their personal files by paying the ransom. Sadly, this risky activity sometimes ends up badly – with another malware attack or money loss. Fortunately, cyber security company Avast managed to give another free data recovery option and saved people from paying the ransom. They have recently released three new tools that can help to restore files encrypted by HiddenTear, Jigsaw, Stampado and Philadelphia viruses. Therefore, the collection of Avast decryptors was expanded, and now the security company offers 14 different tools to restore files encrypted by such viruses as TeslaCrypt, Globe, and others.
Security researchers Michael Gillespie and Fabian Wosar has released decryption tools for these cyber threats earlier. However, according to the Avast team, these viruses are active, and their encryption keys are often updated. For this reason, victims may need updated decryption tools to restore corrupted files effectively. The variety of decryption tools is useful for the victims of ransomware. Using several tools increases the chances to restore files successfully. All security and malware researchers are working for the same purpose – to fight ransomware and offer victims the help they need. The recently released tools can decrypt files encrypted by the latest versions of HiddenTear, Jigsaw, Stampado, and Philadelphia viruses. What is more, Avast managed to improve password brute-force process which allows to speed up data encryption. For instance, HiddenTear’s and its other variants’ decryption now takes only several minutes instead of days.
HiddenTear is known as one of the first open-sourced ransomware viruses that use AES cryptography for the data encryption. Since the appearance on the August 2015, many hackers used its source code for developing other file-encrypting viruses. Jigsaw ransomware had been attacking computers around one year. Researchers discovered it on March 2016 encrypting the wide range of files and demanding to pay the ransom within 60 minutes after the encryption. Cyber criminals used psychological terror and tried to scare victims by saying that after an hour all their files would be deleted. On the August 2016, Stampado ransomware virus started spreading. The developers used “Russian Roulette” principle which allowed them to delete random files on the affected computer within every six hours. Inspired by the success of their illegal project, developers created and launched malicious spam emails campaigns to spread a new variant of Stampado – Philadelphia virus.