Jump to content

Emsisoft Releases Decryptors for the Xorist and 777 Ransomware

Starbuck
 Share

Recommended Posts

  • ExTS Admin
Starbuck Newbie

Starbuck

Posted
  • ExTS Admin
Posted

Today Emsisoft has released two new ransomware decryptors for the Xorist family and the 777 Ransomware infections.

 

The Xorist ransomware has been around for a while, but Fabian Wosar was manually helping victims on a case-by-case basis.

The ransomware family behind the 777 ransomware has also been around for a while, but a sample was discovered recently and thus a decryptor could be made.

 

More details on the two decryptors can be found below.

 

Decryptor for the Xorist Ransomware Family

 

The Xorist ransomware encrypts your files appends various extensions such as *.EnCiPhErEd, *.0JELvV, *.p5tkjw, *.6FKR8d, *.UslJ6m, *.n1wLp0, *.5vypSa and *.YNhlv1 to the encrypted files.

As this family uses a fairly easy to use ransomware builder, pretty much any extension can be used by a distributor.

 

In order to use this decryptor, you will need to drag a pair of the same files, one encrypted and one not encrypted, onto the decryptor.

It will then perform a brute force of the decryption key that can be used to decrypt the victim's files.

 

http://img.photobucket.com/albums/v708/starbuck50/xorist-brute-force_zpseqfbwb9v.jpg

 

This brute force process should typically take a maximum of 2-3 hours.

 

http://img.photobucket.com/albums/v708/starbuck50/decryptinfinite-icon_zpsrg1v5xxn.pngdecrypt_xorist.exe

 

Decryptor for the 777 Ransomware

 

The 777 ransomware appears to have been around since September 2015,but a sample was discovered recently.

This ransomware will encrypt files and append the .777 extension to them.

Fabian Wosar was also able to create a decryptor for files encrypted by this ransomware.

 

To use the decryptor, simply download the program below and perform a scan.

The decryptor will automatically decrypt any files that end with the .777 extension.

 

http://img.photobucket.com/albums/v708/starbuck50/decryptinfinite-icon_zpsrg1v5xxn.pngdecrypt_777.exe

 

 

Source & Credit:

Lawrence Abrams

http://www.bleepingcomputer.com/news/security/emsisoft-releases-decryptors-for-the-xorist-and-777-ransomware/

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...