2 min read

Darkside Ransomware Decryption Tool

Bitdefender

January 11, 2021

Darkside Ransomware Decryption Tool

We’re happy to announce the availability of a decryptor for Darkside. This family of ransomware has emerged in August 2020 and operates operate under a ransomware-as-a-service business model.

How to use this tool

Step 1: Download the decryption tool below and save it on your computer.

Download the Darkside decryptor

Step 2: Double-click the file (previously saved as BDDarkSideDecryptor.exe) and allow it to run.

Step 3: Select “I Agree” in the License Agreement screen

Note: The tool attempts to identify the file extension of the encrypted files automatically. In this example, the encrypted files have the *.e392d905 extension. Please make sure that you have encrypted files on the system you are running the tool.

Step 4: Select “Scan Entire System” if you prefer the tool to search for all encrypted files. Alternatively, add the path to the location you previously moved the encrypted files.

We strongly recommend that you also select “Backup files” before starting the decryption process to avoid potential loss or corruption during decryption. Then press “Start Tool”.

At the end of this step, your files should be decrypted.

If you encounter any issues, please contact us at forensics@bitdefender.com.

If you have checked the backup option, you will see both the encrypted and decrypted files. You can also find a log of the decryption process in the %temp%\BDRemovalTool folder.

To remove the encrypted files left behind, you should search for files matching the extension and mass-remove them. We do not encourage you to do this until you made sure that your files can be opened safely and there is no damage to the decrypted files. 

Acknowledgement:

This product may include software developed by the OpenSSL Project, for use in the OpenSSL Toolkit (http://www.openssl.org/)

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Golang Bot Starts Targeting WordPress Websites Golang Bot Starts Targeting WordPress Websites
Silvia PRIPOAESilviu STAHIE
3 min read
Darkside Ransomware Decryption Tool Darkside Ransomware Decryption Tool
Bitdefender

January 11, 2021

2 min read
Towards a Universal Security Solution against Bluetooth Low Energy Attacks Towards a Universal Security Solution against Bluetooth Low Energy Attacks
Bitdefender

July 13, 2020

1 min read