ESET announced that it has launched a decryption tool for AES-NI to users whose data has been encrypted by Win32 / Filecoder.AESNI.B and Win32 / Filecoder.AESNI.C (also known as XData).
The decryption tool for AES-NI is based on recently released keys via Twitter and a help forum for ransomware victims.
As ESET Security Specialist Ondrej Kubovič explains: "The decryption tool is for files encrypted by the RSA offline key, which is used by AES-NI variant B by adding extensions .aes256, .aes_ni and .aes_ni_0day as well as for the XData variant, which adds the extension. ~ xdata to the infected files »
Users who have fallen victim and still have their files encrypted can download the decryptor from the associated ESET page with the utilities. The ESET Knowledgebase page provides more information on how to use the tool and details about specific cases where the decryptor can not help.
Stakeholders can find more details about what happened and appear to have led to the "end" of this malware. Useful information on protection against ransomware is available in the official ESET blog, WeLiveSecurity.