Home > Security > Security News

BlackByte Ransomware Decryptor Released for Free

Last updated October 19, 2021
Written by:
Supriyo Chatterji
Supriyo Chatterji
Cybersecurity News Writer
Open Padlock in Digital

Trustware, a cybersecurity company, put up a free decryptor for BlackByte on GitHub. This decryptor can be used by victims of the BlackByte ransomware to decrypt and restore files without having to pay the ransom money. This decryptor uses a design flaw in the ransomware’s encryption protocol to unlock stored files.

Trustware also released a two-part technical analysis explaining how they discovered the design flaw. The ransomware got into action on all targeted devices after the group downloaded a fake image file titled “forest.png.” When they looked into this file, they found a “raw” cryptographic key used to derive files encryption keys used by the ransomware. This keyset also generated the access key, which would give access to the dark web portal where the victims could make the payment to free their files.

The tool automatically decrypts the key on any infected ”forest.png” image. The decryptor itself contains a “forest.png” file, which should be replaced by the infected image used by the ransomware as mentioned above.

The hacker group behind the BlackByte ransomware responded to the decryptor by saying that using the wrong key might delete or corrupt the locked data. They also mentioned that they do not use only one key, and using the wrong version can even break entire operating systems without the possibility of restoration.

Further, now that the Blackbyte group knows of the flaw in the design, they are very likely to fix it. So, when a new version of the Blackbyte ransomware enters the market, the old decryptors will become obsolete. Also, since the Blackbyte group is a relatively new one, Trustware researchers speculate they might find numerous other bugs that will break the code even if this exploit is fixed.

The fact that this flaw was discovered three weeks ago (in September) and the Blackbyte gang has had eight targets who have refused to pay might indicate increasing resistance from potential victims. In the Netherlands, the government is planning to develop a new legal context that will basically outlaw ransom payments, so maybe other countries will contemplate the idea as well.

Add a Comment
Related
Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group 
Novel PE32 Ransomware Uses Telegram-Based C2, Exposes Bot Token and Group Chat ID in the Process
Anonymous hackers dressed up with claws and mask carrying out an attack
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
BianLian ransomware
Qilin and Devman Hacking Group Allegedly Breach ‘Feel Four,’ $60,000 Ransom Demanded 
Hacker Locked the Network
Play Ransomware Threatens New York Sports Clubs With Stolen Tax, Client, and Personal Data
Ransomware Illustration
Sensata Faces Operational Disruption Following Acknowledged Ransomware Attack
Most Popular
The Smashing Machine
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
Now You See Me: Now You Don’t
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
NCIS: Origins
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more

Most Popular
The Smashing Machine
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
Now You See Me: Now You Don’t
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
NCIS: Origins
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: