The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform.
BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files encrypted in a recent AstroLocker campaign.
While we only tested one decryptor that successfully decrypted files locked in one campaign, other decryptors in the archive are likely designed to decrypt files encrypted in previous campaigns.
“It was fun, and fun things always end sometime. I’m closing the operation, decryptors are in zip files, clean. I will come back,” AstraLocker’s developer said. “I’m done with ransomware for now. I’m going in cryptojaking lol.”
While the developer did not reveal the reason behind the AstraLocker shutdown, it’s likely due to the sudden publicity brought by recent reports that would land the operation in law enforcement’s crosshairs.
A universal decryptor for AstraLocker ransomware is currently in the works, to be released in the future by Emsisoft, a software company known for helping ransomware victims with data decryption.
While it doesn’t happen as often as we’d like, other ransomware groups have released decryption keys and decryptors to BleepingComputer and security researchers as a gesture of goodwill when shutting down or releasing new versions.