The researchers state that AtomSilo ransomware typically searches local drives using a fixed drive list. LockFile ransomware, on the other hand, calls GetLogicalDriveStringsA() and processes all fixed drives.
According to the experts who released this tool, the decrypter also has some limitations:
During the decryption process, the Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. For that reason, some files may not be decrypted. This can include files with proprietary or unknown format, or with no format at all, such as text files.
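Added example (not Avast's code and not part of the original article): a format check of the kind described above, written in Python for triaging files after a decryption run. The signature table, the 7.0 bits-per-byte entropy threshold and the sample inputs are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

# Well-known leading signatures (magic bytes). The selection is an assumption;
# a real tool would cover many more formats.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
    ".xlsx": [b"PK\x03\x04"],
}

ENTROPY_REVIEW_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "looks random"


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(name: str, head: bytes) -> str:
    """Classify a restored file from its name and its leading bytes.

    verified      known format and the signature matches
    failed        known format but the signature is wrong
    unverifiable  no signature exists for this format (e.g. plain text)
    review        no signature, and the content still looks random
    """
    ext = os.path.splitext(name)[1].lower()
    sigs = SIGNATURES.get(ext)
    if sigs is None:
        # Nothing to compare against: fall back to a weak entropy heuristic.
        return "review" if entropy(head) > ENTROPY_REVIEW_THRESHOLD else "unverifiable"
    return "verified" if any(head.startswith(s) for s in sigs) else "failed"


if __name__ == "__main__":
    # Constructed sample inputs: (file name, first bytes of the restored file).
    samples = [
        ("report.pdf", b"%PDF-1.7\n"),
        ("photo.png", bytes(range(256))),
        ("notes.txt", b"meeting notes\n" * 40),
        ("blob.txt", bytes(range(256)) * 16),
    ]
    for name, head in samples:
        print(f"{name:12} {triage(name, head)}")
```

Files that land in `unverifiable` are the case the limitation describes: with no format signature, a checker cannot confirm that the output is the original content.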
The decrypter for these two ransomware strains was developed based on data from Jiří Vinopal, a RE-CERT security researcher who announced on October 17 that he had discovered a method to crack the encryption of AtomSilo and that he had also built a proof-of-concept decrypter.
Avast researchers developed the decrypter for this ransomware strain using the source code that was leaked on a forum at the beginning of September. It seems that decryption keys associated with past victims could be found inside that code. That is why only past victims whose files were encrypted with one of the file extensions .babyk or .babuk will benefit from this decrypter.
How to Stay Safe?
Ransomware is the most popular and dangerous threat nowadays. Before getting to the point of data encryption and ransom demand, you should focus on prevention, as prevention will always make your cyber life easier. Take a look at our awarded Threat Prevention, the best tool for stunning accuracy and a very effective product when talking about detecting hidden malware. You can pair it with our Next-Gen Endpoint Antivirus and last, but not least, with our Ransomware Encryption Protection. Heimdal™ products do nicely together.
Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!