A lot of money has already been made with the Darkside extortion Trojan. The game has now come to an end. Researchers have developed a decryption tool, which is available for free and is supposed to release the encrypted files again.
Bitdefender found the solution
Bitdefender security researchers have found the solution. They must have come across a flaw in the encryption and have developed a tool that can restore access to the files. This means that paying a ransom to the cybercriminals is no longer necessary. It is not known how the decryption works, but it is supposed to work with all versions of the ransomware that are currently in circulation. The researchers’ decryption tool “Bitdefender Decryption Utility for DarkSide ransomware” is also already available for download.
Darkside is still active
If one becomes a victim of a ransomware attack, all data is encrypted. Access is no longer possible. Only when the extortionists receive the demanded ransom do they give out the key to release the files again. In the case of the Darkside extortion Trojan, the criminals have demanded ransom payments of between $200,000 and $2 million. According to Darkside’s backers, they have already extorted millions with their Trojan. The extortionists are now also real “service providers” and offer their Trojan in an affiliate program. In this way, they reach even more victims and also receive a kind of “commission” on the extorted sum with their program. The Darkside ransomware is still active, according to security researchers from MalwareHunterTeam. Those behind it have only recently updated their website and set up their own press section. Paradoxically, the criminals behind the Trojan also donated proceeds from their activities to a charitable organization last year. This is probably how the extortionists want to make their activities feel good. Not that they still get a guilty conscience.
Access to files
In order to access your files again, you install the tool on your computer. After that, one can either scan the whole computer or only individual folders for the affected files. Before you start the process, you should first make a backup. If something goes wrong during the decryption, not everything is lost. After the scan, the tool starts its work and decrypts the files automatically. If the affected files can be opened again, the encrypted files must be deleted immediately after the process is complete.