- The decryptor unlocks all files encrypted by the ransomware in the process.
- Ims00rry ransomware is known to encrypt files using AES-128 and does not append an extension to the encrypted files.
Security researchers from Emsisoft have released a new, free decryptor for the Ims00rry ransomware. The decryptor unlocks files encrypted by the ransomware in the attacks. The ransomware is known to encrypt files with AES-128 and does not append an extension to encrypted files. Rather, it adds the text “—shlangan AES-256—” in the files. Furthermore, the victim is asked to contact the ransomware creators through a Telegram bot.
- The decryptor is for version 18.104.22.168 of the Ims00rry ransomware. It can be downloaded from here.
- Emsisoft says that the tool also provides various options post decryption in the ‘Options’ tab in the decryptor’s user interface.
- Once the users add the file locations of encrypted files, the ‘Decrypt’ button in the interface starts the decryption process.
- The how-to guide by Emsisoft also informs that the ransomware should be completely removed from infected systems before using the decryptor.
In the ransom note, Ims00rry authors ask for a $50 ransom, while strangely citing the need for funding their own business.
“I am sorry!!! My friend. I want to start my own business, but i have no money. All your files photos, databases, documents and other important are encrypted with strongest encryption and algorithms RSA 4096, AES-256. If you want to restore your files payment and write to Telegram bot. Price decrypt software is $50. Attention!!! Do not rename or move the encrypted files.
Contact Telegram bot:@Ims00rybot,” read the ransom note.