Emsisoft has published free decryptor tools for AstraLocker, a “smash-and-grab” ransomware family that was recently discontinued.
AstraLocker, which was discovered in 2021, is a fork of the Babuk ransomware, whose source code was discovered online in September 2021. In March 2022, AstraLocker received a significant update. The ransomware was embedded as an OLE object in Microsoft Word documents, which the attackers used to lure potential victims. Activating the malware required numerous additional clicks from the victim.
The ransomware was observed terminating any activities that would conflict with the encryption process and enumerating all disks and network shares before encrypting the data on them.