Free ransomware recovery tool White Phoenix now has a web version

White Phoenix is a free ransomware recovery tool for situations where files are encrypted with intermittent encryption. It was tested on BlackCat/ALPHV Ransomware, Play Ransomware, Qilin/Agenda Ransomware, BianLian Ransomware, and DarkBit.

Intermittent encryption occurs when ransomware chooses not to encrypt every part of each file but instead encrypts sections, frequently in blocks of a set size or just the start of the targeted files.

Consumer concerns about ransomware attacks

Consumers are keeping a pulse on cybersecurity trends and have serious concerns about how their sensitive information is protected. 64% are worried about the rising threat of ransomware.

2023 marked a historic high for ransomware groups, with a 55.5% increase in attacks, reaching 4,368 victims globally, according to Cyberint. Ransomware is a profitable microcosm, and we can expect to see it grow as a startup ecosystem, with more groups acting as unicorns, disruptors, and newcomers.

White Phoenix gets a web version

CyberArk Labs released the web version of White Phoenix. The web version will expand beyond GitHub to make the tool more accessible for those who don’t work with code – all you have to do is upload a file that you’d like recovered, and then it will be downloaded shortly after that.

The researchers designed the web version for individuals who may not be tech-savvy and those who want to test White Phoenix, allowing them to utilize the tool without downloading it and executing Python.

White Phoenix’s expanded access will become more vital to ransomware victims as threat groups increasingly use partial (or intermittent) encryption to maximize damage while evading detection. Play ransomware has become one of the more notorious groups for using this tactic.

How this free ransomware recovery tool works

It’s straightforward. Just upload the file, and White Phoenix will process it, extracting any recoverable data and delivering it back to you in a docx/zip format.

Supported file types: PDF, Word, Excel, PowerPoint, Zip files.

Files with larger sizes tend to have more recoverable sections. This platform can manage files up to 10MB. Utilize the GitHub version for larger files.

For PDF files, image recovery might not always be successful. To improve the chances of image recovery, select the “Separated Files” option before initiating the recovery process.

“This is a welcome tool for those dealing with the scourge of ransomware. Very often, victims of ransomware feel they have no option but to pay the ransom demand to get their data back. This tool from CyberArk, similar to the NoMoreRansom project from Europol, can provide those victims with the ability to recover their data without paying criminals,” Brian Honan, CEO at BH Consulting, told Help Net security.

“However, in cybersecurity, prevention is always better than cure, and companies should not rely on these platforms to recover their systems in the event of a ransomware attack. Recovery from a ransomware attack, even when you have the decryption key, can be a long and time-consuming process, resulting in major disruption to the business. So, companies should ensure they have strong protective and detective measures in place, such as effective endpoint protection, robust email and web filtering for malicious content, mature security awareness programs, immutable backups, and constant monitoring for suspicious activity. Companies should also be prepared for how they react to a ransomware attack by having effective incident response plans in place which are regularly tested,” Honan concluded.