Security researchers from AhnLab, a South Korea-based cyber-security firm, have created decrypters for some versions of the Magniber ransomware.
The decrypters are available for download from AhnLab’s website. Usage instructions are included in the first link.
There are no English versions for these pages, so victims will have to use an online translation service to read them, but we doubt that many English-speaking users were infected, to begin with.
Researchers deliver on their promise
The Magniber ransomware first appeared in mid-October 2017. The ransomware replaced the Cerber ransomware as the primary ransomware payload distributed via the Magnitude exploit kit.
Ever since security researchers have started tracking Magniber infections, this ransomware operation has been only focused on infecting South Korean users.
Back in October last year, several security researchers told Bleeping Computer that the ransomware appeared to be decryptable. Now, the AhnLab team has finally managed to find a chink in Magniber’s armor.
“I knew we could make a recovery tool from an encryption bug,” Cha Minseok, a security researcher with AhnLab told Bleeping Computer yesterday.
New decrypters released at regular intervals
Below is a table taken from AhnLab’s website detailing what Magniber versions can be decrypted with the company’s tools.
The AhnLab team has been releasing new decrypters on almost a daily basis, so we expect this table to become outdated in a few days. For an updated one, check AhnLab’s website.
|Decrypter release date||Recoverable file extension||Victim Key||Magniber payment site vector||Download Link|