Kaspersky Release Free decryptor For Yanluowang Ransomware Victims

Russian cybersecurity firm Kaspersky has released a free decryptor to help victims decrypt files locked by the Yanluowang ransomware.

According to Kaspersky, the decryptor was enabled by a vulnerability in the encryption algorithm of Yanluowang ransomware, which makes it possible to restore files the ransomware encrypts.

Yanluowang encrypts files larger and those smaller than 3GB using different methods. The larger files are partially encrypted in 5MB stripes after every 200MB. The smaller files are encrypted completely from beginning to end.

Due to different encryption methods, it is possible to encrypt all files on the compromised system if the original file is larger than 3 GB. However, if the original file is smaller than 3 GB, only small files can be decrypted.

To decrypt files smaller than or equal to 3 GB, users need a file pair with a size of 1024 bytes or more.

To decrypt large files larger than 3 GB, users need a pair of encrypted and original files, each no less than 3 GB in size.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web