Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the threat actor.

The availability of a decryptor comes only about half a year after increased activity from BianLian ransomware over the summer of 2022, when the threat group breached multiple high-profile organizations.

Avast’s decryption tool can only help victims attacked by a known variant of the BianLian ransomware. If the attackers are using a new version of the malware that researchers have yet to catch, the tool is of no help at the moment. However, Avast says the BianLian decryptor is a work in progress, and the ability to unlock more strains will be added shortly.

BianLian (not to be confused with the same-name Android banking trojan) is a Go-based ransomware strain targeting Windows systems. It uses the symmetric AES-256 algorithm with the CBC cipher mode to encrypt over 1013 file extensions on all accessible drives.

The malware performs intermittent encryption on the victim’s files, a tactic that helps speed up the attacks at the expense of data locking strength. Encrypted files get the “.bianlian” extension, while the generated ransom note warns victims that they have ten days to meet the hacker’s demands or their private data will be published on the gang’s data leak site.
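For responders scoping an incident, the sketch below (an added example, not Avast's decryptor and not code from the article) walks a directory for files with the “.bianlian” extension and estimates how much of each one looks encrypted, which is how intermittent encryption shows up on disk. The 4096-byte window, the 7.2 bits/byte threshold and the sample file names are assumptions chosen for illustration; the sample files are constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096         # assumed analysis window, not BianLian's actual chunk size
HIGH_ENTROPY = 7.2   # assumed bits/byte threshold for "looks like ciphertext"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def encrypted_fraction(path: str) -> float:
    """Fraction of full BLOCK-sized windows whose entropy looks like ciphertext."""
    total = high = 0
    with open(path, "rb") as fh:
        while len(chunk := fh.read(BLOCK)) == BLOCK:  # a short tail is ignored
            total += 1
            high += shannon_entropy(chunk) >= HIGH_ENTROPY
    return high / total if total else 0.0

def triage(root: str, ext: str = ".bianlian") -> dict:
    """Map every file under root that ends in ext to its high-entropy fraction."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                full = os.path.join(dirpath, name)
                report[full] = encrypted_fraction(full)
    return report

def demo() -> dict:
    """Constructed sample: alternating random and plaintext blocks in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        partial = os.urandom(BLOCK) + b"A" * BLOCK + os.urandom(BLOCK) + b"B" * BLOCK
        with open(os.path.join(root, "report.docx.bianlian"), "wb") as fh:
            fh.write(partial)
        with open(os.path.join(root, "untouched.txt"), "wb") as fh:
            fh.write(b"plain text\n" * 1000)
        return {os.path.basename(p): f for p, f in triage(root).items()}

if __name__ == "__main__":
    for name, frac in demo().items():
        print(f"{name}: {frac:.0%} of blocks look encrypted")
```

Compressed formats such as archives and images are high-entropy even when untouched, so the fraction is a scoping hint to compare against known-good backups, not proof of which bytes were encrypted.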