Researchers have released a new tool called “White Phoenix” on GitHub that can help victims of ransomware attacks, providing a way to recover data from some types of partially encrypted files. This free tool is a significant breakthrough for victims who have had to pay ransom to get access to their data in the past.
Ransomware operators use intermittent encryption, a tactic in which only some parts of each file are encrypted. This speeds up encryption and makes detection harder while still corrupting the targeted files. A ransom is then demanded for the decryption key. This type of attack has been used by several ransomware groups, including BlackCat and Play, on organizations worldwide, including hospitals, banks, and universities.
Cybersecurity vendor CyberArk says the White Phoenix tool can decrypt data in partially encrypted files, making recovery possible. Partially encrypted files contain certain parameters that, even if encrypted, can be reconstructed relatively easily to recover data. Common parameters such as the
If partial encryption only wipes away the
CyberArk researchers tested White Phoenix against documents encrypted by BlackCat and believe it can also work on files that other malware tools such as Play, Qilin, BianLian, and DarkBit might only partially encrypt. According to CyberArk, White Phoenix can only recover partially encrypted files if there are unencrypted parts of the data that can be salvaged.
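Whether a damaged file still has "unencrypted parts of the data that can be salvaged" can be triaged by scanning it block by block for byte entropy. The sketch below is an added example, not code from White Phoenix or CyberArk; the block size, threshold, function names and the sample file are all assumptions constructed for illustration. Compressed content (ZIP-based Office documents, PDF streams) is also high-entropy, so treat the result as a first-pass heuristic.

```python
import math
import random
from collections import Counter

BLOCK = 4096       # scan granularity in bytes (assumed, not from the article)
THRESHOLD = 7.5    # bits per byte; blocks at or above this look random (assumed)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def map_regions(blob: bytes, block: int = BLOCK, threshold: float = THRESHOLD):
    """Label each block and merge neighbours into (start, end, label) runs."""
    regions = []
    for off in range(0, len(blob), block):
        chunk = blob[off:off + block]
        label = "random" if shannon_entropy(chunk) >= threshold else "readable"
        if regions and regions[-1][2] == label:
            regions[-1] = (regions[-1][0], off + len(chunk), label)
        else:
            regions.append((off, off + len(chunk), label))
    return regions

def salvageable_fraction(regions) -> float:
    """Share of the file that sits in low-entropy (likely untouched) runs."""
    total = regions[-1][1] if regions else 0
    kept = sum(end - start for start, end, label in regions if label == "readable")
    return kept / total if total else 0.0

def build_sample(size: int = 65536, window: int = 16384, hit: int = 4096) -> bytes:
    """Constructed sample: plain text whose first 4 KiB of every 16 KiB is noise."""
    line = b"Quarterly report: revenue and cost figures follow on the next page.\n"
    data = bytearray((line * (size // len(line) + 1))[:size])
    rng = random.Random(2023)  # fixed seed so the sample is reproducible
    for start in range(0, size, window):
        data[start:start + hit] = bytes(rng.getrandbits(8) for _ in range(hit))
    return bytes(data)

if __name__ == "__main__":
    regions = map_regions(build_sample())
    for start, end, label in regions:
        print(f"{start:>6}-{end:<6} {label}")
    print(f"salvageable: {salvageable_fraction(regions):.0%}")
```

A regular alternation of short "random" runs and longer "readable" runs, as in the constructed sample, is the footprint of intermittent encryption; a file that is "random" end to end leaves nothing to carve.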
Many threat actors have adopted intermittent encryption as a way to infect more systems in a shorter time frame than would be possible with full disk encryption. The approach also enables them to sneak their malware past detection systems by encrypting just enough content to make files unusable but not enough to alert the system. Tools like White Phoenix provide a way to recover data lost due to partial encryption that can help victims avoid paying ransom to recover their data.
In conclusion, the White Phoenix tool provides a ray of hope for victims of ransomware attacks who have had to pay ransom to access their data. This breakthrough tool can allow the recovery of data lost due to partial encryption, making ransom payments unnecessary. Tools like this further highlight the importance of cybersecurity in an increasingly digital world in which cyber threats are highly prevalent.