October 6, 2022

Avast has published a decryptor for variants of the Hades ransomware after they discovered a bug in the encryption scheme of the Hades strain which made it possible to unlock some of the variants.

The Avast decryptor only supports files that are encrypted by certain variants of the Hades ransomware family. These variants include identified extensions and strings that are appended/ prepended to the name of an encrypted file such as “.MafiaWare666,” “.jcrypt,” “.brutusptCrypt,.” “.bmcrypt,” “.cyberone,” “.I33ch.”

Users affected by one of the variants can download the free decryptor, run the executable, select the drive where the encrypted files are stored, and point the tool to a sample pair of encrypted and original files.

Users with valid password for decrypting the files but could not get the decryptor supplied by Hades to work, it is recommended to tick the box and set it to Avast tool.

According to researchers, most victims do not have a password, so it is important that they wait for Avast to manually crack the tool, which could take some time. Once the password is displayed, users can start the decryption process. It is important that users tick the boxes to back up the encrypted files and run the tool as an administrator.

Users should also enable the option to back up encrypted files, as a problem with the decryptor can cause the encrypted files to be damaged further.

The sources for this piece include an article in BleepingComputer.