Emsisoft has released a decryptor for the Planetary ransomware family. The key can allow victims to unlock their encrypted files for free.
About the Planetary ransomware family - The ransomware family gets its name from the extensions that it uses while appending the encrypted files. Usually, the malware family uses the names of planets for the extensions.
Depending on the variants, the malware family appends the encrypted files with .mira, .yum, .Pluto or .Neptune extensions.
The latest variant uses the .mira extension which is named after the fictitious planet from the Xenoblade video game.
How does the decryptor work - In order to decrypt files for free, the victims need to make sure that they have a copy of the ransom note and encrypted files. The ransom note is named as ‘!!!READ_IT!!!.txt’ and is located in each folder where the files are encrypted.
After that, victims must download the decrypt_Planetary.exe program from the link provided by Emsisoft and save it on the desktop. Once downloaded, run the program with administrative privileges in order to decrypt all the files that were targeted by the ransomware.
Once the decrypter software starts running on the system, it will display a screen on victims’ desktops. The victims’ are required to add the infected drives and corresponding files to begin the decryption process.
When it has finished, the ‘Results’ tab on the screen will state that all the files are decrypted.