ESET announced that it has launched a decryption tool for AES-NI to users whose data has been encrypted by Win32 / Filecoder.AESNI.B and Win32 / Filecoder.AESNI.C (also known as XData).
The decryption tool for AES-NI is based on keys recently released through it Twitter and in a help forum for ransomware victims.
As Ondrej Kubovič explains, Security Specialist from ESET: “The decryption tool is intended for offline encrypted files key RSA, which is used by AES-NI variant B by adding the .aes256, .aes_ni and .aes_ni_0day extensions, and for the XData variant, which adds the .~xdata extension to infected files”
Users who have fallen victim and still have their files encrypted can do so λήψη of the decryptor from the relevant σελίδα of ESET with the auxiliary tools. The ESET Knowledgebase page provides more information on how to use the tool and details on specific cases where the decryptor cannot help.
Stakeholders can find more details about what happened and appear to have led to the "end" of this malware. Useful information on protection against ransomware is available in the official ESET blog, WeLiveSecurity.
https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
