Novel White Phoenix ransomware decryptor published

CyberArk has released the new free White Phoenix ransomware decryptor, which enables partial recovery for files subjected to intermittent encryption as performed by the BianLian, BlackCat/ALPHV, DarkBit, Play, and Qilin/Agenda ransomware operations, reports BleepingComputer. White Phoenix has been developed after various tests with partially encrypted PDF files, with researchers discovering that many PDF file objects have not been affected by specific BlackCat encryption modes, enabling data extraction. Other file formats have also been restored using the White Phoenix tool through 7zip and a hex editor but researchers noted that the success of the file decryption process is dependent on the extent of the file's damage. "Depending on the specific ransomware sample being used, different file sizes might be too encrypted to recover data from. If the following characters aren't seen in the file, it is likely fully encrypted and White Phoenix won't be able to help," said CyberArk.