Victims of the BianLian ransomware attacks can download the free decryption tool recently released by popular cybersecurity company, Avast. It’s completely free and receives updates as more versions of the malware are found.
The Go-based ransomware emerged in August and targets Windows users. Upon its execution, the BianLian ransomware (not to be confused with the Trojan of the same name) will search your PC drives for personal information and encrypt any data that matches the parameters it’s searching for. Encrypted files are given a .bianlian extension — and users receive a ransomware note with instructions to recover their data or have it leaked online.
This free tool is a standalone executable that requires no installations. It can recover any data that was encrypted using known strains of the BianLian ransomware and let you create backups of encrypted files in case something goes wrong during recovery. However, this tool won’t help anyone affected by unknown variants of the malware.
Since users select which files to decrypt, new victims may have to find the ransomware binary themselves, as the malware deletes itself after encryption is finished. After the process is done, BianLian only leaves behind a small 2 MB executable file.
Examples of the ransomware file that victims should look for include,
- C:\Windows\TEMP\mativ.exe
- C:\Windows\Temp\Areg.exe
- C:\Users\%username%\Pictures\windows.exe
- anabolic.exe
It’s recommended that users check the virus vault of their antivirus as well.
Avast has requested anyone who finds new strains of the ransomware to inform them at decryptors@avast.com so that they can continue to update their decrypter with the newest versions of the BianLian ransomware.
Though this free tool can only decrypt known strains of the ransomware, Avast has confirmed that it is a work in progress and that decryption for more variants will be added soon.