Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free.

Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.

The name Planetary ransomware comes from the use of the names of planets for the extensions the malicious code adds to the file names of encrypted files (i.e. .mira, .yum , . Pluto, or . Neptune)

The latest variant of the Planetary malware appends the .mira extension to the names of the encrypted files. The name is a fictitious planet name mentioned in the Xenoblade Chronicles X video game.

Victims of the ransomware need to have a copy of the ransom note created when their systems were infected. The ransom note, named !!!READ_IT!!!.txt, is created in each folder that contains files encrypted by the threat and on of course on the desktop.

Decryption is very simple, victims have to download the decrypt_Planetary.exe program from the following link:

https://decrypter.emsisoft.com/planetary

then run the executable with administrative privileges to decrypt all the files that were encrypted by the ransomware.

Launching the decryptor , it will ask the victims to provide the ransom note. Once the process is completed the decryptor will display the decryption key that was found.

By pressing the OK button, the descriptor loads the key and ask the victim to select the folder containing the files to decrypt.

The current version of the decryptor will search the system for encrypted files that have names ending with the .mira, .yum, .Pluto, or .Neptune extension and decrypt them.



Emsisoft recently released free decryptor for the victims of the Hacked Ransomware and PewDiePie ransomware .

Enjoy it!

Pierluigi Paganini

(SecurityAffairs – Planetary ransomware , malware)



Emsisoft

Share this...

Linkedin Reddit Pinterest

Share On