Cybersecurity analysts have released a decryptor for BianLian ransomware that could allow victims to retrieve their encrypted files for free -- and avoid paying a ransom demand to cyber criminals.
BianLian first appeared in August last year, with a series of attacks claiming victims in industries including media, manufacturing, and healthcare. The attacks have hit organizations around the world, with victims in countries such as the US, Australia, and the UK.
Targeting Windows systems, and written in open-source programming language Go, BianLian uses an encryption technique that divides files into chunks, which helps it to encrypt systems at high speed, as well as helping it to avoid detection before the encryption has been completed.
Once this process is completed, victims are presented with a ransom note telling them they've been hit with ransomware and that they need to contact the attackers to "restore" their data. Options for doing this include an encrypted messaging app or email.
However, the researchers warn that the decryptor can only restore files encrypted by a known variant of the BianLian ransomware -- new versions that appear won't be decrypted by the tool in its current state.
"For new victims, it may be necessary to find the ransomware binary on the hard drive; however, because the ransomware deletes itself after encryption, it may be difficult to do so," said a blog post by Avast Threat Research.