Avast, a Czech cybersecurity software company, has created a free decryption tool to assist TargetCompany ransomware victims in recovering their files. This decryptor, however, may only be used to restore encrypted files “under certain circumstances,” according to Avast. Victims who use this decrypting program to retrieve their files should be warned that it will likely be a resource-intensive and time-consuming operation.
“During password cracking, all your available processor cores will spend most of their computing power to find the decryption password. The cracking process may take a large amount of time, up to tens of hours,” Avast said. “The decryptor periodically saves the progress and if you interrupt it and restart the decryptor later, it offers you an option to resume the previously started cracking process.”
The TargetCompany ransomware decryptor cracks the password after comparing an encrypted file with its original, unencrypted version. Avast says this only needs to be done once per device infected with TargetCompany ransomware, because the decryptor wizard lets you enter a previously cracked password by selecting the “I know the password for decrypting files” option.
TargetCompany ransomware victims can use the decryption tool (64-bit or 32-bit) downloaded from Avast’s servers to decrypt entire disk partitions by following the instructions shown in the program’s user interface.
“On the final wizard page, you can opt-in whether you want to backup encrypted files. These backups may help if anything goes wrong during the decryption process,” Avast added. “This option is turned on by default, which we recommend. After clicking ‘Decrypt,’ the decryption process begins. Let the decryptor work and wait until it finishes.”
Additional instructions for using the TargetCompany ransomware decryptor are available from Avast.

TargetCompany is a ransomware strain that has been active since mid-June 2021 and adds a .mallox, .exploit, .architek, or .brg extension to all encrypted files. It also leaves a ransom note file named “HOW TO RECOVER !!.TXT” in every directory containing encrypted files. Encryption takes place after the ransomware deletes disk shadow copies, reconfigures boot parameters, and terminates programs that might lock databases holding sensitive data (e.g., MySQL, Oracle, SQL Server).
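The file artifacts listed above are enough for a first triage pass over a suspect volume. The script below is an added example, not part of Avast's tool or the original article: it inventories files carrying the four extensions, lists directories holding the ransom note, and pairs each encrypted file with a clean copy from a restored backup, since the decryptor needs one encrypted file together with its original. The `backup_root` layout and the demo tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators as reported in the article above.
ENCRYPTED_EXTS = {".mallox", ".exploit", ".architek", ".brg"}
RANSOM_NOTE = "HOW TO RECOVER !!.TXT"


def triage(root, backup_root=None):
    """Return relative paths of encrypted files, ransom-note directories, and
    (encrypted, original) pairs found under a restored `backup_root`."""
    root = Path(root)
    report = {"encrypted": [], "note_dirs": [], "pairs": []}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for name in files:
            # Windows file names are case-insensitive, so compare folded.
            if name.upper() == RANSOM_NOTE:
                report["note_dirs"].append(rel_dir.as_posix())
                continue
            stem, ext = os.path.splitext(name)
            if ext.lower() not in ENCRYPTED_EXTS:
                continue
            rel = (rel_dir / name).as_posix()
            report["encrypted"].append(rel)
            # The extension is appended, so stripping it gives the old name.
            original = rel_dir / stem
            if backup_root and (Path(backup_root) / original).is_file():
                report["pairs"].append((rel, original.as_posix()))
    return {key: sorted(value) for key, value in report.items()}


def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.mallox").write_bytes(b"\x00" * 16)
        (live / "docs" / "notes.txt.BRG").write_bytes(b"\x00" * 16)
        (live / "docs" / RANSOM_NOTE).write_text("constructed note")
        (live / "clean.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("original")
        return triage(live, backup)


if __name__ == "__main__":
    print(demo())
```

Run it against a read-only mount or forensic image of the affected volume so the triage itself does not modify evidence.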