Have you been attacked by Ransomware?
Did malicious threat actors
encrypt
your valuable files?
There is still hope!
CyberArk Labs is happy to share this free recovery service that can try and help you
🍺
It's based on research work we did and a free recovery tool that we developed as a POC and published as open source on
and published as open source on GitHub - link.
A new trend has emerged in the world of ransomware: intermittent encryption, the
partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have
adopted this approach.
White Phoenix is an open-source tool created by researchers in
CyberArk Labs that
leverages features of intermittent encryption to allow victims of ransomware attacks to recover
some of the data from files that have been encrypted by intermittent encryption. The researchers
designed this website for both individuals who may not be tech-savvy and those who simply want
to swiftly test White Phoenix, allowing them to utilize the tool without the need to download it
and execute Python.
It's that simple! Once the file is uploaded, White Phoenix will run and recover whatever data can be extracted, returning it in a docx/zip file.
Note: Not all data can be recovered. Please follow these guidelines to improve the chances of success:
With intermittent encryption, ransomware will often skip parts of the files they are encrypting.
As a result, occasionally they will miss valuable data that, while not accessible through
typical file readers and editors, are still technically accessible.Our open source tool, White
Phoenix, parses the
uploaded files looking for sections that hold such valuable data and extracts them for
recovery.
For more technical information on how the parsing is done visit our blog post about
White Phoenix.
CyberArk Labs is a vital component of CyberArk LTD's cutting-edge research division. Within our
labs, we are dedicated to pioneering Threat Research and Innovation, constantly pushing the
boundaries of cybersecurity knowledge.
Our team actively shares valuable insights through our
blog hosted at Home - CyberArk Labs and
actively participates in esteemed conferences like
BlackHat and DEF CON to showcase our groundbreaking research.
Moreover, our commitment extends
to the development of open-source resources, which you can explore on our GitHub repository at
CyberArk. Among these valuable tools,
White Phoenix stands out as a beacon of hope for
ransomware victims, designed to assist in the recovery of lost data.