New Free White Phoenix Ransomware Decrypter Released

Tyler Cross

A new ransomware decrypter, dubbed White Phoenix, was released to combat ransomware strains that use intermittent encryption while stealing data.

Normally, when ransomware gets on your device, it encrypts all of your data, and the hackers then leave a ransom note or something similar to extort their victims. Intermittent encryption is a fairly new method that's gaining popularity among hackers. Essentially, the ransomware encrypts some chunks of the data and skips others, which makes the process faster while still leaving the user's data inaccessible.

The groups BlackCat and ALPHV currently illegally distribute the most advanced version of the ransomware, while all big ransomware-as-a-service (RaaS) operations offer it as an option to their affiliates. Overall, it has seen a large spike in use over the last few years.

However, researchers at CyberArk were able to crack their code. The intermittent encryption process was built with one glaring flaw: because it leaves part of the data unencrypted, data restoration programs can use what remains to recreate the data, which makes intermittent encryption less secure. In many cases, all the program had to do was remove the filters added to PDF or .zip files and recover the data.

That said, the process isn't perfect and may not work for everyone. If large portions of your data have been encrypted and there simply isn't enough unencrypted data for the decrypter to work with, you may get incomplete results. Researchers did clarify that some of the samples they worked with may not have completely relied on intermittent encryption.
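To make the recovery idea and its limits concrete, here is an added example (not from the original article and not CyberArk's White Phoenix code) that carves still-intact members out of a partially overwritten .zip file by undoing the deflate filter and checking each result against the CRC-32 stored in its header. The function names, sample file names, 1024-byte chunk size and random-byte overwrite are assumptions constructed for illustration.

```python
import io, random, struct, zipfile, zlib

LFH_SIG = b"PK\x03\x04"               # ZIP local file header signature
LFH = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte part of that header

def carve_zip_members(blob):
    """Return {name: data} for members whose data still matches the header CRC-32."""
    found, pos = {}, blob.find(LFH_SIG)
    while pos != -1:
        if pos + LFH.size <= len(blob):
            _, _, _, method, _, _, crc, csize, _, nlen, xlen = LFH.unpack_from(blob, pos)
            name_at = pos + LFH.size
            body = name_at + nlen + xlen
            data = None
            try:
                if method == 8:    # deflate: undo the compression filter
                    data = zlib.decompressobj(-15).decompress(blob[body:])
                elif method == 0:  # stored: raw bytes follow the header
                    data = blob[body:body + csize]
            except zlib.error:
                pass               # stream ran into an overwritten chunk
            if data is not None and zlib.crc32(data) == crc:
                found[blob[name_at:name_at + nlen].decode("utf-8", "replace")] = data
        pos = blob.find(LFH_SIG, pos + 4)
    return found

def build_sample():
    """Constructed sample ZIP: two small text files, two incompressible ones."""
    rng = random.Random(7)
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    files = {"notes.txt": b"meeting notes line\n" * 20, "big.bin": noise(6400),
             "report.txt": b"quarterly report row\n" * 20, "pad.bin": noise(700)}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return files, buf.getvalue()

def damage(blob, chunk=1024):
    """Constructed stand-in for intermittent encryption: overwrite every second chunk."""
    rng, out = random.Random(1), bytearray(blob)
    for off in range(chunk, len(out), 2 * chunk):
        end = min(off + chunk, len(out))
        out[off:end] = bytes(rng.getrandbits(8) for _ in range(end - off))
    return bytes(out)

if __name__ == "__main__":
    print(sorted(carve_zip_members(damage(build_sample()[1]))))
```

In this sample the two small text files sit entirely inside untouched chunks and come back byte for byte, while the two larger members overlap overwritten chunks and fail the CRC check, which is the incomplete-results case described above.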

White Phoenix is available for free and is able to decrypt ransomware strains from BlackCat/ALPHV, Play ransomware, Qilin/Agenda, BianLian, and DarkBit.

If you've been affected by any of these ransomware strains, simply download the decrypter for free from CyberArk's public GitHub repository.

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs, and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.