Have you been attacked by Ransomware?
Did malicious threat actors encrypt your valuable files?
There is still hope!
CyberArk Labs is happy to share this free recovery service that can try and help you
It's based on research work we did and a free recovery tool that we developed as a POC and published as open source on and published as open source on GitHub - link.
A new trend has emerged in the world of ransomware: intermittent encryption, the
partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have
adopted this approach.
White Phoenix is an open-source tool created by researchers in CyberArk Labs that leverages features of intermittent encryption to allow victims of ransomware attacks to recover some of the data from files that have been encrypted by intermittent encryption. The researchers designed this website for both individuals who may not be tech-savvy and those who simply want to swiftly test White Phoenix, allowing them to utilize the tool without the need to download it and execute Python.
It's that simple! Once the file is uploaded, White Phoenix will run and recover whatever data can be extracted, returning it in a docx/zip file.
Note: Not all data can be recovered. Please follow these guidelines to improve the chances of success:
With intermittent encryption, ransomware will often skip parts of the files they are encrypting.
As a result, occasionally they will miss valuable data that, while not accessible through
typical file readers and editors, are still technically accessible.Our open source tool, White
Phoenix, parses the
uploaded files looking for sections that hold such valuable data and extracts them for
For more technical information on how the parsing is done visit our blog post about White Phoenix.
CyberArk Labs is a vital component of CyberArk LTD's cutting-edge research division. Within our
labs, we are dedicated to pioneering Threat Research and Innovation, constantly pushing the
boundaries of cybersecurity knowledge.
Our team actively shares valuable insights through our blog hosted at Home - CyberArk Labs and actively participates in esteemed conferences like BlackHat and DEF CON to showcase our groundbreaking research.
Moreover, our commitment extends to the development of open-source resources, which you can explore on our GitHub repository at CyberArk. Among these valuable tools, White Phoenix stands out as a beacon of hope for ransomware victims, designed to assist in the recovery of lost data.