
Did Aurora Ransomware infect you? You can decrypt files for free


Victims of the Aurora Ransomware could use a decryptor tool developed by the popular malware researcher Michael Gillespie to decrypt their data for free.

Good news for the victims of the Aurora Ransomware: there are many variants of this Windows malware, but most of the victims have been infected by the version that appends the .Nano extension to the encrypted files.

Attackers infect systems through Remote Desktop Services access. Once files are encrypted, the ransomware creates a ransom note on the Windows desktop and in various folders on the computer.

Now the popular malware researcher Michael Gillespie has developed a decryptor that allows the victims to decrypt their files for free.

The decryptor supports the variants that append the following extensions to the encrypted files:

.Nano
.animus
.Aurora
.desu
.ONI
.aurora

To decrypt files encrypted by the Aurora ransomware, victims need to download and execute the Aurora Decryptor.

To start the brute-force attack and retrieve the encryption key, the victim has to provide two encrypted files of the following file types:

.png, .gif, .pdf, .docx, .xlsx, .pptx, .doc, .xls, .ppt, .vsd, .psd, .mp3, .wmv, .zip, .rar, .pst, .rtf, .mdb, .ico, .lnk, .fdb, .jar, and .idx

Once the two encrypted files are selected, the victim can start the BruteForcer. The process could be time-consuming, but don’t worry.

The process will end with the discovery of the decryption key; when the BruteForcer is closed, the key will be automatically loaded into the decryptor.

Now the users can choose to decrypt a directory by selecting it or to decrypt an entire drive by selecting the drive letter.

“When it has finished, the decryptor will display a summary of the amount of files that have been decrypted. If some of the files were skipped it may be due to permissions to the files,” reported Bleeping Computer, which described the entire procedure step by step.

Note that the original encrypted files will remain on the victim’s computer until the victim confirms that they have been properly decrypted.

“You can use CryptoSearch to move all the encrypted files into one folder so you can delete or archive them,” suggests Lawrence Abrams.
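
A triage sketch for the sample-selection step above, added here as an example and not part of the decryptor or the original article: it counts files carrying the listed extensions and lists those whose original type the brute-forcer accepts. It assumes the ransomware keeps the original file name and appends its extension (e.g. `report.pdf.Nano`); `triage` and `demo` are hypothetical names and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Appended extensions the article lists as supported (case as listed there).
AURORA_EXTS = {".Nano", ".animus", ".Aurora", ".desu", ".ONI", ".aurora"}
# Original file types the article says can be supplied to the brute-forcer.
SAMPLE_TYPES = {".png", ".gif", ".pdf", ".docx", ".xlsx", ".pptx", ".doc",
                ".xls", ".ppt", ".vsd", ".psd", ".mp3", ".wmv", ".zip", ".rar",
                ".pst", ".rtf", ".mdb", ".ico", ".lnk", ".fdb", ".jar", ".idx"}


def triage(root):
    """Return (count per appended extension, sorted sample candidates)."""
    counts, candidates = Counter(), []
    # Unreadable directories are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath, name)
            if path.suffix not in AURORA_EXTS:
                continue
            counts[path.suffix] += 1
            # Assumption: "report.pdf.Nano" was originally "report.pdf".
            original_type = Path(path.stem).suffix.lower()
            if original_type in SAMPLE_TYPES:
                candidates.append(str(path))
    return counts, sorted(candidates)


def demo():
    """Run triage over a constructed directory tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/report.pdf.Nano", "docs/notes.txt.Nano",
                    "pics/logo.png.Nano", "pics/clean.png"):
            sample = Path(root, rel)
            sample.parent.mkdir(parents=True, exist_ok=True)
            sample.write_bytes(b"constructed")
        counts, candidates = triage(root)
        return dict(counts), [Path(c).name for c in candidates]


if __name__ == "__main__":
    per_ext, names = demo()
    print("encrypted files per extension:", per_ext)
    print("brute-forcer sample candidates:", names)
    print("two samples available:", len(names) >= 2)
```

Run against a read-only copy or mounted image of the affected drive so the inventory does not touch the encrypted originals.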


Pierluigi Paganini

(SecurityAffairs – Aurora Ransomware, malware)
