Our digital forensics specialists have engineered a dedicated decryptor for the GandCrab ransomware (v1) family — one of the most influential and widespread ransomware operations in history. First detected in early 2018, GandCrab was among the first large-scale ransomware-as-a-service (RaaS) models that enabled affiliates to distribute the malware in exchange for profit sharing. The version…
Our digital forensics and incident response division has built a specialized decryptor for the Radiant Group ransomware, a sophisticated crypto-extortion operation that first appeared in September 2025. The Radiant syndicate uses an advanced AES and RSA hybrid encryption model combined with multi-layered extortion tactics, including public data leaks and SEO sabotage. The decryptor is designed…
Our cybersecurity specialists have engineered a bespoke decryptor to assist victims of the MedusaLocker3 / Far Attack ransomware family — an evolution of the notorious MedusaLocker threat group. This version encrypts files using AES and RSA hybrid encryption, appending the “.BAGAJAI” extension to each locked file. Our decryptor is designed to: The decryptor supports both…
Our security research and response division has designed a specialized decryptor for Phantom ransomware, a variant built upon the open-source Hidden Tear framework. This strain employs robust hybrid encryption using AES-256 and RSA-2048 and renames every encrypted file by adding the “.Phantom” extension. The decryptor is engineered to: It works seamlessly in both cloud-based (for…
Our cybersecurity research division has developed a special-purpose decryptor for the Monkey ransomware, a sophisticated crypto-locker written in Rust. This ransomware encrypts data using a hybrid cryptographic model based on AES and RSA algorithms, making manual recovery nearly impossible without expert tools. Our decryptor is specifically designed to: The solution functions in two distinct modes…
Our security research team has built a specialized decryptor and incident-response framework for ransomware campaigns that attach .weax extensions to files, including variants where the filename ends with markers like help[[yan]].weax. This decryptor is engineered to: The decryptor supports both cloud-assisted and fully offline (air-gapped) modes, giving organizations flexibility depending on their sensitivity requirements. Each…
Our LockBit Black Decryptor: Precision Recovery, Expertly Built Our cybersecurity researchers have been monitoring the LockBit Black strain (also recognized as LockBit 3.0) and its latest extension .dzxn0liBX. Since LockBit operates under a Ransomware-as-a-Service (RaaS) model, affiliates distribute customized payloads, each with its own extension. Over time, we’ve created proven recovery frameworks that have successfully…
Our research team has thoroughly analyzed the Mimic/Pay2Key ransomware encryption framework and built a specialized decryptor system to support affected businesses worldwide. This solution is fully compatible with Windows, Linux, and VMware ESXi infrastructures, allowing organizations to recover files with accuracy and efficiency while reducing operational downtime. Affected By Ransomware? How the Decryption Framework Operates…
Since its first discovery in April 2025, the PGGMCixgx ransomware strain has steadily gained attention in cybersecurity forums. Infected systems typically display files renamed with the .PGGMCixgx extension and a ransom note titled PGGMCixgx.README.txt. Victims are instructed to install TOX Messenger and reach out to the attacker using a unique TOX ID: F59A1FE3F212FE3F7774232E455BE6F7EF9B34EDB616A89B7E457A1DCD4AA0603A9D9ECE1978 Unlike older…
C77L, also tracked as X77C, is a ransomware family targeting 64-bit Windows systems. It modifies filenames by adding the attacker’s email address along with an eight-character hexadecimal “Decryption ID” (taken from the disk’s volume serial). Victims have reported encrypted files with endings like: This ransomware leverages a hybrid cryptographic approach, applying AES-256 in CBC mode…
End of content
End of content