Security News > 2022 > July > Free decryptor released for AstraLocker, Yashma ransomware victims
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom.
"The AstraLocker decryptor is for the Babuk-based one using.Astra or.babyk extension, and they released a total of 8 keys," Emsisoft added.
"The Yashma decryptor is for the Chaos-based one using.AstraLocker or a random.[a-z0-9] extension, and they released a total of 3 keys."
Emsisoft also advised AstraLocker and Yashma victims whose systems were compromised via Windows Remote Desktop to change the passwords for all user accounts that have permissions to log in remotely and to look for other local accounts the ransomware operators might have added.
The decryptor was released after the threat actor behind AstraLocker ransomware told BleepingComputer this week that they're shutting down the operation with a plan to switch to cryptomining.
The ransomware developer shared a ZIP archive with AstraLocker and Yashma decryptors they submitted to the VirusTotal malware analysis platform.