August 12, 2025 By Pierluigi Paganini

Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free.
Good news for victims of the DarkBit ransomware: researchers at cybersecurity firm Profero cracked the encryption process, allowing victims to recover their files for free without paying the ransom.
However, at this time, the company has yet to release the decryptor.
Israel’s National Cyber Directorate linked the DarkBit ransomware operation to the Iran-nexus threat actor MuddyWater APT group.
In 2023, Profero responded to a DarkBit ransomware attack that encrypted multiple VMware ESXi servers and was suspected to be retaliation for Iranian drone strikes. The attackers did not negotiate the ransom, focusing instead on operational disruption and an influence campaign to harm the victim’s reputation.