Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the ransom.
The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants.
“We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.” reads the post published by AVAST.
The experts pointed out that the Hades ransomware affected by the flaw did not exfiltrate any data from the victims. MafiaWare666, for example, is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. The malicious code encrypts files using AES encryption.
