Luckily, ransomware programmers make mistakes too, so Avast's specialists were able to develop a decryption tool for the Hades family's MafiaWare666 ransomware. MafiaWare666 is also known as JCrypt, RIP Lmao or BrutusptCrypt.
Avast releases MafiaWare666 ransomware decryption tool. MafiaWare666 is a ransomware strain written in C# that does not contain any obfuscation or anti-analysis techniques. It encrypts files using AES encryption. Avast discovered a vulnerability in the encryption scheme that allows decrypting some of the variants without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.
Targeting classic file folders
MafiaWare666 reported this blackmail (image: Avast).
The ransomware scans specific folder locations such as Desktop, Music, Videos, Pictures, and Documents and encrypts files. These files get a new extension that varies depending on the example: .MafiaWare666, .jcrypt, .brutusptCrypt, .bmcrypt, .cyberone, .l33ch. The ransomware then displays a window with instructions on how to pay the ransom. The instructions instruct victims to contact the attacker and pay in Bitcoin. The ransom price is relatively low, ranging from $50 to $300, although some of the older specimens with other names charge much more, up to a bitcoin which is around $20.000 at the time of publication.
Decryption with free tool
Avast now offers a decryption tool for free. Handling is very easy. After the tool runs, it searches a specified target drive. If it finds encrypted files there, the tool tests which password is the correct one. If found, the bulk decryption process starts.
More at Avast.com
About Avast Avast (LSE: AVST), a FTSE 100 company, is a leading global provider of digital security and privacy products. Avast has over 400 million online users and offers products under the Avast and AVG brands that protect people from threats from the Internet and the evolving IoT threat landscape. The company's threat detection network is one of the most advanced in the world, using technologies like machine learning and artificial intelligence to detect and stop threats in real time. Avast's digital security products for mobile, PC or Mac have been top-rated and certified by VB100, AV-Comparatives, AV-Test, SE Labs and other test institutes.