BitDefender Has Released a Decryptor for ‘DarkSide’ Ransomware

  • Victims of the ‘DarkSide’ ransomware gang can now unlock their files for free.
  • BitDefender has released a decryptor that works well with current versions of the ransomware.
  • The threat actors may update their encryption scheme soon, rendering the decryptor worthless.

BitDefender, the highly successful cybersecurity and anti-virus company from Romania, has released a decryptor for the ‘DarkSide’ ransomware and is giving it away to victims for free. BitDefender has been involved in this kind of effort in the past, and in June 2019, they were the ones to “kill” the notorious ‘GandCrab’ once and for all. This time, the target is again a RaaS (ransomware as a service) platform, so the disruption to its operations is expected to be of a pretty large scale.

The decryptor needs to be downloaded to the victimized machine, and it will attempt to identify the file extension of the encrypted files automatically upon its first run. The tool can scan the entire system or selected folders, and it also has a “Backup files” option that keeps copies around in case something goes wrong in the decryption process and you end up with corrupted files.

Source: BitDefender

Those who have ticked the “backup” option will end up with both versions, but you should discard the backups only after you have checked that everything opens/works. Remember, the success in the decryption of one file doesn’t mean that everything has been restored properly. For example, larger files are more likely to have issues, so make sure to verify first.
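The verification step described above can be partly automated before any backup is discarded. The following is an added example, not part of BitDefender's tool or the original article: it checks that each restored file starts and ends with the byte markers its extension implies and lists failures largest first. The extension table and status names are assumptions chosen for illustration.

```python
import os

TAIL = 66 * 1024  # large enough to hold a ZIP end-of-central-directory record

# extension -> (leading magic bytes, marker expected near the end of the file)
SIGNATURES = {
    ".pdf": (b"%PDF-", b"%%EOF"),
    ".png": (b"\x89PNG\r\n\x1a\n", b"IEND"),
    ".jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    ".jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".docx": (b"PK\x03\x04", b"PK\x05\x06"),
    ".xlsx": (b"PK\x03\x04", b"PK\x05\x06"),
}

def check_file(path):
    """Return 'ok', 'bad-header', 'bad-trailer' or 'unchecked' for one file."""
    sig = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return "unchecked"          # no signature known: open it by hand
    head, trailer = sig
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        if fh.read(len(head)) != head:
            return "bad-header"     # start of the file is still not plaintext
        fh.seek(max(0, size - TAIL))
        if trailer not in fh.read():
            return "bad-trailer"    # start looks fine, end is damaged or cut off
    return "ok"

def triage(root):
    """Walk root; return (size, path, status) for every file not 'ok', largest first."""
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            status = check_file(path)
            if status != "ok":
                findings.append((os.path.getsize(path), path, status))
    return sorted(findings, reverse=True)

if __name__ == "__main__":
    import sys
    for size, path, status in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:12} {size:>12} {path}")
```

A file that passes both checks can still be damaged in the middle, so this only narrows down which files to open by hand first.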


The ‘DarkSide’ group appeared on the dark web in August 2020 and became more aggressive by the end of September 2020. The RaaS maintained an ethical stance, so it excluded non-profit, educational, and healthcare entities from its target list.

Using customized ransomware executables, the threat actors made millions within a short period of time while keeping pro-grade communications and press releases that radiated a certain level of solemnity.

DarkSide statement, Source: KELA

Even though BitDefender’s decryptor is working well at the moment, the ‘DarkSide’ operators could update their ransomware and encryption scheme to make it hard or impossible to unlock files again.

However, this story’s takeaway remains that when dealing with a ransomware infection, waiting for the release of a decryptor is always a choice. In the case of the ‘DarkSide,’ it came relatively quickly, and it could remain effective for a while.
