Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.
The name Planetary ransomware comes from the use of the names of planets for the extensions the malicious code adds to the file names of encrypted files (i.e. .mira, .yum
The latest variant of the Planetary malware appends the .mira extension to the names of the encrypted files. The name is a fictitious planet name mentioned in the Xenoblade Chronicles X video game.
Victims of the ransomware need to have a copy of the ransom note created when their systems were infected. The ransom note, named !!!READ_IT!!!.txt, is created in each folder that contains files encrypted by the threat and on of course on the desktop.
Decryption is very simple, victims have to download the decrypt_Planetary.exe program from the following link:
then run the executable with administrative privileges to decrypt all the files that were encrypted by the ransomware.
By pressing the OK button, the descriptor loads the key and ask the victim to select the folder containing the files to decrypt.
The current version of the decryptor will search the system for encrypted files that have names ending with the .mira, .yum, .Pluto, or .Neptune extension and decrypt them.
(SecurityAffairs – Planetary
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.