ESET announced that it has launched a decryption tool for AES-NI to users whose data has been encrypted by Win32 / Filecoder.AESNI.B and Win32 / Filecoder.AESNI.C (also known as XData).
The decryption tool for AES-NI is based on wrenches that were recently released via Twitter and on a help forum for ransomware victims.
As Ondrej Kubovič explains, Security Specialist της ESET: «Το εργαλείο αποκρυπτογράφησης προορίζεται για αρχεία κρυπτογραφημένα από το offline RSA key, which is used by the B variant of AES-NI adding the extensions .aes256, .aes_ni and .aes_ni_0day, and for the XData variant, which adds the extension. ~ xdata in infected files »
Users who have fallen victim and still have their files encrypted can download the decryptor from the associated ESET page with the utilities. The ESET Knowledgebase page provides more information on how to use the tool and details about specific cases where the decryptor can not help.
Stakeholders can find more details about what happened and appear to have led to the "end" of this malware. Useful information on protection against ransomware is available in the official ESET blog, WeLiveSecurity.
https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe