BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Avast releases BianLian ransomware decryptor


    Security software company Avast has released a free decryptor for BianLian ransomware. The decryptor helps malware victims recover locked files without transferring money to hackers.

    The decryptor appeared about six months after the increased activity of the BianLian ransomware. In the summer of 2022, it was used massively, several well-known organizations were hacked.

    The Avast tool only targets BianLian. It will not be able to recover files encrypted by other types of encryptors.

    It is also possible that on the darknet you can stumble upon a new version of BianLian, which the researchers from Avast have not yet seen and have not optimized their decoder for it.

    The program is still under development. The ability to unlock more types of BianLian will be added soon.

    BianLian is a type of ransomware in the Go programming language. The malware targets Windows systems.

    BianLian uses AES-256 symmetric algorithm with CBC encryption mode and supports over a thousand file extensions.

    The malware performs discontinuous encryption of the victim's files. This helps to speed up the process and not put a lot of load on the disk so that the user does not suspect anything.

    Encrypted files get a ".bianlian" extension (you can't go wrong with the choice of decryptor), and the generated ransom note warns the victims that they have ten days to fulfill the hacker's demands. Otherwise, the victim's personal data will be published on the dark web.

    The Avast decryptor itself is available for free. The program is a standalone executable that does not require installation.

    Users can select an entire directory for decryption, but to do this, they first need to provide the program with an example: any encrypted file and its unencrypted version (it will be difficult without a backup). Then the decryptor will be able to guess the password.

    The program also has an option for users who already have the decryption password on hand. And it is really possible to get it if the attack is detected in time. If the victim does not have a password, the software may try to guess it from the available database.

    The decryptor also offers the option to back up encrypted files to prevent permanent data loss if something goes wrong during the process.

    In the event of an attack from newer versions of the BianLian ransomware, you should try to find the ransomware binary on your local drive, which may contain decryption data for locked files.

    Avast reports that some common filenames and locations for them are as follows:

    • C:\Windows\TEMP\mativ.exe
    • C:\Windows\Temp\Areg.exe
    • C:\Users\%username%\Pictures\windows.exe
    • anabolic.exe

    However, the malware deletes itself immediately after the file encryption phase, so these files are unlikely to be found on the system.

    If binary files with encryption data are found in the system, the company asks to send them. So Avast will be able to improve their decryptor.

    Author DeepWeb
    MetaMask users suffer from cybercriminals
    How to cleanse psychoactive substances

    Comments 0

    Add comment