Decrypt Intermittent Ransomware for Free with White Phoenix Online
CyberArk has released an online version of its White Phoenix tool, a free decryptor for files compromised by ransomware using intermittent encryption. Initially presented in May last year as a Python project on GitHub, this online version aims to simplify the file recovery process for non-technical victims of ransomware.
The White Phoenix online tool is user-friendly – users simply upload encrypted files, click ‘Recover file’, and wait for potential data recovery. Currently, it supports ZIP, PDF, and major office document formats, with a file size limit of 10 MB. Larger files and virtual machines still need to use Python script.
Intermittent encryption, employed by ransomware families like Blackcat/ALPHV, Play, Qilin/Agenda, BianLian, and DarkBit, accelerates data encryption by skipping parts of file blocks. White Phoenix addresses this by attempting to restore text in documents by combining unencrypted parts, reversing hexadecimal encoding, and rearranging characters.
White Phoenix’s effectiveness varies by file type and ransomware used. It essentially automates the manual recovery process used by cybersecurity experts.
Even if White Phoenix cannot fully restore files, it can still extract valuable data. It stands as the only working decryptor for the mentioned ransomware families, with experts rating its implementation highly.
For handling highly confidential information, experts recommend downloading White Phoenix from GitHub and using it locally, avoiding the upload of sensitive documents to external servers, to prevent any potential future issues.