Researchers from CyberArk have developed White Phoenix, a decryptor for ransomware that uses intermittent encryption. The tool exploits the parts of a file that such ransomware leaves unencrypted and uses them to recover data. After successful experiments with PDF files, the developers added support for ZIP archives and the Office file formats Word, Excel and PowerPoint.
Of course, such a universal decryptor will not always work, even for theoretically supported formats. If a significant part of the file has been encrypted, including critical parts, it cannot be recovered. The tool also supports only files that contain specific strings. Nevertheless, experimental decryptors like this can make it possible to restore at least some important files after a ransomware attack, and at the same time they call into question the value of intermittent encryption for attackers. Read more about White Phoenix at the link (https://www.cyberark.com/resources/threat-research-blog/white-phoenix-beating-intermittent-encryption)
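To illustrate the principle, the following added example (not White Phoenix's code and not CyberArk's algorithm) carves surviving entries out of a partially overwritten ZIP archive by scanning for intact local file headers and checking each entry against the CRC-32 stored in its header. The sample archive, the XOR scramble standing in for encrypted chunks, and all function names are constructed for this illustration.

```python
import io, struct, zipfile, zlib

LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature

def recover_zip_entries(blob):
    """Carve entries whose local header and data are intact; returns {name: bytes}."""
    recovered, pos = {}, blob.find(LOCAL_SIG)
    while pos != -1:
        hdr = blob[pos:pos + 30]
        if len(hdr) == 30:
            # Skip signature+version, read flags/method, skip time+date, skip uncompressed size.
            flags, method, crc, csize, nlen, xlen = struct.unpack("<6xHH4xII4xHH", hdr)
            start = pos + 30 + nlen + xlen
            data = bytes(blob[start:start + csize])
            raw = None
            # With flag bit 3 (data descriptor) the header sizes are zero; skip those entries.
            if not flags & 0x08 and len(data) == csize:
                try:
                    if method == 8:    # raw deflate stream
                        raw = zlib.decompressobj(-15).decompress(data)
                    elif method == 0:  # stored without compression
                        raw = data
                except zlib.error:
                    raw = None         # compressed stream was overwritten
            # A matching CRC-32 shows this entry's content survived unmodified.
            if raw is not None and zlib.crc32(raw) == crc:
                recovered[blob[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")] = raw
        pos = blob.find(LOCAL_SIG, pos + 4)
    return recovered

def scramble(buf, lo, hi):
    """Stand-in for an encrypted chunk (assumption): XOR the byte range with a constant."""
    for i in range(lo, hi):
        buf[i] ^= 0xA5

def build_damaged_sample():
    """Constructed sample: 3-entry ZIP with b.txt's data and the central directory scrambled."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, word in (("a.txt", b"alpha "), ("b.txt", b"bravo "), ("c.txt", b"charlie ")):
            zf.writestr(name, word * 50)
        b = zf.infolist()[1]
    blob = bytearray(out.getvalue())
    data_start = b.header_offset + 30 + len(b.filename)
    scramble(blob, blob.find(b"PK\x01\x02"), len(blob))  # central directory and end record
    scramble(blob, data_start, data_start + b.compress_size)
    return bytes(blob)

def opens_normally(blob):
    return zipfile.is_zipfile(io.BytesIO(blob))
```

On the constructed sample a standard ZIP reader rejects the archive because its central directory is gone, while the carver still returns `a.txt` and `c.txt`; `b.txt`, whose data was overwritten, fails the CRC check and is not recovered.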