Security News > 2024 > February > Free Rhysida ransomware decryptor for Windows exploits RNG flaw
![Free Rhysida ransomware decryptor for Windows exploits RNG flaw](/static/build/img/news/free-rhysida-ransomware-decryptor-for-windows-exploits-rng-flaw-medium.jpg)
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.
Victims of the Rhysida ransomware may use the tool to try to decrypt their files for free, but BleepingComputer cannot guarantee the tool's safety or effectiveness.
Ransomware expert Fabian Wosar told BleepingComputer that this decryptor only works for encrypted files by the Rhysida Windows encryptor and cannot decrypt files encrypted on VMware ESXi or via its PowerShell-based encryptor.
The Rhysida encryption flaw has been privately used for months by cybersecurity firms and governments worldwide since at least May 2023.
Online ransomware decryptor helps recover partially encrypted files.
New Black Basta decryptor exploits ransomware flaw to recover files.
News URL
Related news
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers (source)
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw (source)
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day (source)
- CISA warns of Windows bug exploited in ransomware attacks (source)
- Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (source)
- New Eldorado ransomware targets Windows, VMware ESXi VMs (source)
- New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (source)