Good news for the victims of the Planetary ransomware: security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.
The name Planetary ransomware comes from the use of the names of planets for the extensions the malicious code adds to the file names of encrypted files (i.e. .mira, .yum
The latest variant of the Planetary malware appends the .mira extension to the names of the encrypted files. The name is a fictitious planet name mentioned in the Xenoblade Chronicles X video game.
Victims of the ransomware need to have a copy of the ransom note created when their systems were infected. The ransom note, named !!!READ_IT!!!.txt, is created in each folder that contains files encrypted by the threat and, of course, on the desktop.
Decryption is very simple: victims have to download the decrypt_Planetary.exe program from the following link:
then run the executable with administrative privileges to decrypt all the files that were encrypted by the ransomware.
After the victim presses the OK button, the decryptor loads the key and asks the victim to select the folder containing the files to decrypt.
The current version of the decryptor will search the system for encrypted files that have names ending with the .mira, .yum, .Pluto, or .Neptune extension and decrypt them.
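Before running the decryptor, it helps to know where the ransom notes are and how many files carry each extension. The read-only inventory below is an added example, not Emsisoft's code or part of the original article; the function names, the case-insensitive matching and the sample folder layout are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions and ransom-note name as given in the article, lower-cased.
# Case-insensitive matching is an assumption (Windows paths ignore case).
EXTENSIONS = (".mira", ".yum", ".pluto", ".neptune")
RANSOM_NOTE = "!!!READ_IT!!!.txt"


def inventory(root):
    """Walk root and summarise Planetary artefacts without modifying anything."""
    by_ext = Counter()
    note_dirs, encrypted_dirs = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == RANSOM_NOTE.lower():
                note_dirs.add(dirpath)
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext in EXTENSIONS:
                by_ext[ext] += 1
                encrypted_dirs.add(dirpath)
    return {
        "by_extension": dict(by_ext),
        "note_dirs": sorted(note_dirs),
        # Encrypted files with no note beside them: worth a manual look.
        "encrypted_without_note": sorted(encrypted_dirs - note_dirs),
    }


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real malware output."""
    layout = {
        "docs": ["report.docx.mira", "budget.xlsx.mira", RANSOM_NOTE],
        "photos": ["cat.jpg.Pluto", RANSOM_NOTE],
        "backup": ["old.zip.Neptune"],  # ransom note deliberately missing
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(inventory(tmp))
```

Running the same inventory again after decryption gives a quick check of whether any files with these extensions remain.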
(SecurityAffairs – Planetary