Victims of some Hades family blackmail Trojans such as MafiaWare666 can regain access to their data under certain conditions.
Avast security researchers have discovered a vulnerability in various strains of the Hades ransomware. Based on that, they developed a free tool for Windows. If the framework conditions are right, victims of the encryption Trojans can open their files again without paying a ransom
In an article, the security researchers write that their tool (download) can save encrypted data with the following file name extensions:
However, this only works if victims feed the tool with the encrypted and the unencrypted version of a file. Only then can it reconstruct the password for decryption from this comparison. If this is the case, according to the researchers, the tool can decrypt all data encrypted on a PC.
For security reasons, you should enable the option to backup the encrypted data in the tool. This way you are on the safe side if something goes wrong during the decryption process.
Find more decryption tools
It happens every now and then that security researchers develop free decryption tools. To check whether such a tool already exists, one simply needs to visit the ID Ransomware website and upload the ransom note or an encrypted file via HTTPS. The service then shows which ransomware it is and whether a decryption tool is already available.
Security researchers from the MalwareHunterTeam are behind the website. The operators are very well connected in the ransomware scene and have been actively fighting blackmail Trojans for several years.