Free decryptor released for TargetCompany ransomware victims

Czech cybersecurity software company Avast has released a decryptor that allows TargetCompany ransomware victims to recover their files for free.

However, as Avast warns, this decryptor can only be used to recover encrypted files “under certain circumstances”.

Victims who want to get their files back using this decryption tool should also be aware that it is likely to be a resource-intensive and time-consuming process.

“During password cracking, all your available processor cores will expend most of their computing power to find the decryption password. The cracking process can take a long time, up to tens of hours,” Avast said.

“The decryptor periodically saves the progress and if you pause it and restart the decryptor later, it will offer you an option to continue the cracking process you started earlier.”

TargetCompany ransomware decryptor works by cracking the password after comparing an encrypted file with its original unencrypted version.

According to Avast, this only needs to be done once for each device encrypted with TargetCompany ransomware, as the Decryptor wizard allows you to enter previously cracked encryption passwords by selecting “I know the password to decrypt files”.

TargetCompany decryptor
TargetCompany decryptor (BleepingComputer)

TargetCompany ransomware victims can download the decryption tool from Avast’s servers to decrypt entire hard drive partitions using the instructions displayed on the tool’s interface.

“On the last page of the wizard, you can specify whether you want to back up encrypted files. These backups can come in handy if something goes wrong during the decryption process,” Avast added.

“This option is enabled by default, which is what we recommend. After you click ‘Decrypt’, the decryption process will begin. Let the decryptor work and wait for it to complete.”

For more instructions on how to use Avast’s TargetCompany ransomware decryptor, click here.

TargetCompany is a relatively newly discovered ransomware strain that has been active since mid-June 2021 and adds the .mallox, .exploit, .architek, or .brg extension to all encrypted files.

TargetCompany activity
TargetCompany ransomware submissions (ID ransomware)

It also drops ransom note called “HOW TO RECOVER !!.TXT” in all folders containing encrypted files.

This happens after deleting volume shadow copies, reconfiguring startup options and ending processes that could lock databases with sensitive information (e.g. MySQL, Oracle, SQL Server).

Avast also released free decryptors for Babuk, AtomSilo, and LockFile ransomware in October 2021 to allow victims to recover their files without paying a ransom.

Comments are closed.