New ransomware decryptor recovers data from partially encrypted files

10-May-23

Using a new ‘White Phoenix’ ransomware decryptor, victims can partially restore files that have been encrypted by ransomware strains that employ sporadic encryption. Many ransomware groups use intermittent encryption, which alternates between encrypting and decrypting sections of data. With this technique, a file can be encrypted significantly more quickly while still making the data inaccessible to the victim.

Sentinel Labs claimed in September 2022 that BlackCat/ALPHV appears to have the most comprehensive implementation of intermittent encryption, with all major RaaS offering it at least as an option to affiliates.

Read More…