BleepingComputer reports that CyberArk has made its White Phoenix ransomware decryption tool available on the web to ease recovery from attacks involving ransomware strains that use intermittent encryption, such as ALPHV/BlackCat, BianLian, DarkBit, Agenda/Qilin, and Play. The web version arrives months after the decryptor was released as a Python project on GitHub.
Ransomware-impacted organizations and individuals with limited code knowledge can use the online White Phoenix decryptor by uploading Word, Excel, and PowerPoint files, as well as PDFs and ZIPs, and then pressing the "recover" button, according to CyberArk.
Aside from linking the unencrypted portions of documents, White Phoenix facilitates text recovery by reversing hex encoding and character-mapping scrambling. However, users have been advised to add certain strings when recovering PDFs and ZIP files, and to use the "separate files" option when restoring PDFs with images.
Organizations looking to decrypt virtual machines and larger files have also been advised to use the GitHub version because the online decryptor has a 10MB file size limit.
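Salvaging the unencrypted portions of a file, shown for the ZIP case as an added example (this is not White Phoenix's code and does not come from CyberArk): it scans a damaged archive for local file headers and keeps each entry whose CRC-32 still verifies. The function names and the constructed sample archive are assumptions made for illustration.

```python
import io, struct, zipfile, zlib

LFH_SIG = b"PK\x03\x04"
LFH = struct.Struct("<4s5H3I2H")  # 30-byte ZIP local file header

def read_entry(buf, pos):
    """Parse the entry at pos; return (name, data) only if its CRC-32 verifies."""
    if pos + LFH.size > len(buf):
        return None
    _, _, flags, method, _, _, crc, csize, _, nlen, xlen = LFH.unpack_from(buf, pos)
    if flags & 0x08:       # CRC/sizes sit in a trailing descriptor: skipped here
        return None
    name = buf[pos + LFH.size:pos + LFH.size + nlen].decode("utf-8", "replace")
    start = pos + LFH.size + nlen + xlen
    try:
        if method == 8:    # raw deflate stream
            data = zlib.decompress(buf[start:start + csize], -15)
        elif method == 0:  # stored without compression
            data = buf[start:start + csize]
        else:
            return None
    except zlib.error:     # stream damaged by an overwritten block
        return None
    return (name, data) if zlib.crc32(data) == crc else None

def salvage_zip_entries(buf):
    """Scan for local file headers and keep every entry that is still intact."""
    recovered, pos = {}, buf.find(LFH_SIG)
    while pos != -1:
        entry = read_entry(buf, pos)
        if entry:
            recovered[entry[0]] = entry[1]
        pos = buf.find(LFH_SIG, pos + 1)
    return recovered

def build_damaged_sample():
    """Constructed sample: a 3-entry ZIP with two overwritten regions."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_DEFLATED) as z:
        for n in ("a.txt", "b.txt", "c.txt"):
            z.writestr(n, (n + " quarterly figures\n") * 200)
    buf = bytearray(raw.getvalue())
    buf[38:46] = b"\xa5" * 8   # stands in for an encrypted block inside a.txt's data
    buf[-60:] = b"\xa5" * 60   # stands in for an encrypted block over the central directory
    return bytes(buf)

if __name__ == "__main__":
    print(sorted(salvage_zip_entries(build_damaged_sample())))
```

On the constructed sample, the standard `zipfile` module refuses to open the archive because the central directory is gone, while the header scan still returns the two entries whose data was not overwritten.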