Avast has released free decryption tools for victims of the encryption trojans AtomSilo, Babuk and LockFile. This allows victims to regain access to their files without paying a ransom.
As can be seen from a blog post, AtomSilo and LockFile are very similar, so the decryption tool available for download now in both cases access to encrypted data is allowed again.
Decryption does not work with all files
According to the security researchers, there is one limitation: The tool for AtomSilo and LockFile only decrypts files with a known file format. The decryption does not work for files with a proprietary or unknown format or without any file format (e.g. text files).
According to Avast, this also includes common formats such as .exe and .html. For LockFile victims there are further restrictions and the tool cannot do anything with encrypted .jpg and .bmp files, among other things.
If the prerequisites are met, victims can directly decrypt entire hard drives containing files captured by the ransomware. The tool is supposed to address weaknesses in the encryption by AtomSilo.
Another little helper
Beim Avast Decryption Tool for Babuk (Download) leaked source code and key should serve as a basis. This tool can also be used to decrypt entire partitions with encrypted files with just a few clicks.
Babuk has been on the road since the beginning of 2021 and primarily targets companies. In the summer of 2021, there were initial indications that the ransomware could also target EXSi servers set up with VMware. With the LockFile campaign, the masterminds are targeting vulnerable Exchange servers, among other things.
(from)
