ESET announced that it has launched a decryption tool for AES-NI to users whose data has been encrypted by Win32 / Filecoder.AESNI.B and Win32 / Filecoder.AESNI.C (also known as XData).
The decryption tool for AES-NI is based on keys recently released via Twitter and a victim help forum ransomware.
As ESET Security Specialist Ondrej Kubovič explains: “The decryption tool is intended for files encrypted by the offline RSA key, which usesfrom parchange B of AES-NI by adding the extensions .aes256, .aes_ni and .aes_ni_0day, and for the XData variant, which adds the extension .~xdata to the infected files”
Users who have fallen victim and still have their files encrypted can download the decryptor from the associated ESET page with the utilities. The ESET Knowledgebase page provides more information on how to use the tool and details about specific cases where the decryptor can not help.
Those interested can find more details about what happened and seems to have led to the "end" of this malware. Useful information on ransomware protection is available on ESET's official blog, WeLiveSecurity.
https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
