Jump to content

Online ransomware decryptor helps recover partially encrypted files

Recommended Posts

Since "unfortunate souls" keep posting in the forum about a way to decrypt their files w/o using Eset to prevent the ransomware in the first place, the following might be informative. Note that this tool applies to cryptor's that perform partial file encrytion and only for a limited number of file extension types;


CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

The company announced today that although the tool was already freely available through GitHub as a Python project, they felt an online version was needed for the less tech-savvy ransomware victims who don't know how to work with the code.

Using the online White Phoenix is as simple as uploading files, hitting the "recover" button, and allowing the tool some time to restore whatever it can.

Currently, the tool supports PDFs, Word and Excel document files, ZIPs, and PowerPoint. Also, the online version has a file size limit of 10MB, so if you're looking to decrypt larger files or virtual machines (VMs), the GitHub version is the only way to go.



It was tested on BlackCat/ALPHV Ransomware, Play Ransomware, Qilin/Agenda Ransomware, BianLian Ransomware, and DarkBit.

Intermittent encryption occurs when ransomware chooses not to encrypt every part of each file but instead encrypts sections, frequently in blocks of a set size or just the start of the targeted files.


White Phoenix web site here:https://getmyfileback.com/

Edited by itman
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...