Security News > 2024 > January > Online ransomware decryptor helps recover partially encrypted files
CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.
The online version has a file size limit of 10MB, so if you're looking to decrypt larger files or virtual machines, the GitHub version is the only way to go.
Intermittent encryption is a method used by many ransomware operations to speed up the encryption of devices by only partially encrypting the victim's files.
If these chunks of unencrypted data contain useful information, especially at the start and end of the file, the chances for successfully rebuilding and restoring the file without paying for a decryptor is increased.
CyberArk previously told BleepingComputer that certain strings need to be readable in the files depending on their type for the decryptor to work correctly.
New Black Basta decryptor exploits ransomware flaw to recover files.