ESET has announced that it has started making one available tooldecryption key for AES-NI to users whose data has been encrypted by Win32/Filecoder.AESNI.B and Win32/Filecoder.AESNI.C (aka XData).
The decryption tool for AES-NI is based on recently released keys via Twitter and a help forum for ransomware victims.
As Ondrej Kubovič explains, Security Specialist by ESET: “The decryption tool is intended for archives κρυπτογραφημένα από το offline κλειδί RSA, το οποίο χρησιμοποιείται από την παραλλαγή B του AES-NI προσθέτοντας τις επεκτάσεις .aes256, .aes_ni και .aes_ni_0day, καθώς και για την παραλλαγή XData, που προσθέτει την επέκταση.~xdata στα μολυσμένα αρχεία»
Users who have fallen victim and still have their files encrypted can download the decryptor from the associated ESET page with the utilities. The ESET Knowledgebase page provides more information on how to use the tool and details about specific cases where the decryptor can not help.
Stakeholders can find more details about what happened and appear to have led to the "end" of this malware. Useful information on protection against ransomware is available in the official ESET blog, WeLiveSecurity.
https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
