Avast Releases Free Decrypter for Victims of BianLian Ransomware Attacks

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Victims of the BianLian ransomware attacks can download the free decryption tool recently released by popular cybersecurity company, Avast. It’s completely free and receives updates as more versions of the malware are found.

The Go-based ransomware emerged in August and targets Windows users. Upon its execution, the BianLian ransomware (not to be confused with the Trojan of the same name) will search your PC drives for personal information and encrypt any data that matches the parameters it’s searching for. Encrypted files are given a .bianlian extension — and users receive a ransomware note with instructions to recover their data or have it leaked online.

Avast Releases Free Decrypter for Victims of BianLian Ransomware Attacks

This free tool is a standalone executable that requires no installations. It can recover any data that was encrypted using known strains of the BianLian ransomware and let you create backups of encrypted files in case something goes wrong during recovery. However, this tool won’t help anyone affected by unknown variants of the malware.

Since users select which files to decrypt, new victims may have to find the ransomware binary themselves, as the malware deletes itself after encryption is finished. After the process is done, BianLian only leaves behind a small 2 MB executable file.

Examples of the ransomware file that victims should look for include,

  • C:\Windows\TEMP\mativ.exe
  • C:\Windows\Temp\Areg.exe
  • C:\Users\%username%\Pictures\windows.exe
  • anabolic.exe

It’s recommended that users check the virus vault of their antivirus as well.

Avast has requested anyone who finds new strains of the ransomware to inform them at decryptors@avast.com so that they can continue to update their decrypter with the newest versions of the BianLian ransomware.

Though this free tool can only decrypt known strains of the ransomware, Avast has confirmed that it is a work in progress and that decryption for more variants will be added soon.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment