ESET announced that it has launched a decryption tool for AES-NI to users whose data has been encrypted by Win32 / Filecoder.AESNI.B and Win32 / Filecoder.AESNI.C (also known as XData).
The decryption tool for AES-NI is based on recently released keys via Twitter and a help forum for ransomware victims.
As Ondrej Kubovič explains, Security ESET Specialist: “The decryption tool is intended for files encrypted by offline RSA key used by AES-NI variant B by adding the .aes256, .aes_ni, and .aes_ni_0day extensions, and the XData variant, which adds the. ~ xdata extension to infected files »
Users who have fallen victim and still have their files encrypted can download the decryptor from the associated ESET page with the utilities. The ESET Knowledgebase page provides more information on how to use the tool and details about specific cases where the decryptor can not help.
Those interested can find more details about what happened and seems to have led to the "end" of this malware. Useful information on ransomware protection is available on ESET's official blog, WeLiveSecurity.
https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
