- Victims of the ‘DarkSide’ ransomware gang can now unlock their files for free.
- BitDefender has released a decryptor that works well with current versions of the ransomware.
- The threat actors may update their encryption scheme soon, rendering the decryptor worthless.
BitDefender, the highly successful cybersecurity and anti-virus company from Romania, has released a decryptor for the ‘DarkSide’ ransomware and is giving it away to victims for free. BitDefender has been involved in this kind of solution before: in June 2019, it was the one to “kill” the notorious ‘GandCrab’ once and for all. This time, the target is again a RaaS (ransomware as a service) platform, so the disruption to its operations is expected to be large-scale.
The decryptor needs to be downloaded onto the victimized machine, and on its first run it will attempt to identify the file extension of the encrypted files automatically. The tool can scan the entire system or selected folders, and it also has a “Backup files” option that keeps the originals around in case something goes wrong during decryption and you end up with corrupted files.
Those who have ticked the “backup” option will end up with both versions; discard the backups only after you have checked that everything opens and works. Remember, the successful decryption of one file doesn’t mean that everything has been restored properly. Larger files, for example, are more likely to have issues, so make sure to verify first.
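As an added example, not BitDefender’s tool or any code from this article: a small Python checker that, once the decryptor has run with “Backup files” ticked, tests each decrypted file’s header against its extension so corrupt outputs are spotted (largest files first) before any backups are discarded. The magic-byte table, the backup suffix and the sample files are assumptions constructed for this example.

```python
import os
import tempfile

# Minimal header table (example values; extend it for the file types on the machine)
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}

def header_ok(path):
    """True if the file starts with the header expected for its extension,
    False if it does not (likely still ciphertext), None if the type is unknown."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return None
    with open(path, "rb") as f:
        return f.read(len(sig)) == sig

def verify_tree(root, backup_ext):
    """Walk root, skip the kept backups (files ending in backup_ext), and sort
    every other file into ok / suspect / unknown, largest files first."""
    buckets = {"ok": [], "suspect": [], "unknown": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(backup_ext):
                continue  # the copy kept by the "Backup files" option
            path = os.path.join(dirpath, name)
            result = header_ok(path)
            key = "unknown" if result is None else ("ok" if result else "suspect")
            buckets[key].append(path)
    for lst in buckets.values():
        lst.sort(key=os.path.getsize, reverse=True)
    return buckets

def build_sample_tree():
    """Constructed sample: a good PDF, a PNG that still looks like ciphertext,
    a text file the checker cannot judge, and one kept backup (assumed suffix)."""
    root = tempfile.mkdtemp()
    garbage = bytes(range(256)) * 8  # deterministic stand-in for undecrypted data
    files = {
        "report.pdf": b"%PDF-1.4\n" + b"A" * 4000,
        "photo.png": garbage,
        "notes.txt": b"plain text",
        "photo.png.bak_example": garbage,
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root
```

Run `verify_tree(build_sample_tree(), ".bak_example")` and review the "suspect" list before deleting backups; the extension the ransomware appended would replace the constructed suffix on a real machine.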
The ‘DarkSide’ group appeared on the dark web in August 2020 and became more aggressive by the end of September 2020. The RaaS maintained an ethical stance, excluding non-profit, educational, and healthcare entities from its target list.
Using customized ransomware executables, the threat actors made millions within a short period of time while keeping pro-grade communications and press releases that radiated a certain level of solemnity.
Even though BitDefender’s decryptor is working well at the moment, ‘DarkSide’ could update its ransomware and encryption scheme to make files hard or impossible to unlock again.
However, this story’s takeaway remains that when dealing with a ransomware infection, waiting for the release of a decryptor is always an option. In the case of ‘DarkSide,’ it came relatively quickly, and it could remain effective for a while.