Cybersecurity researchers at Norton have released a free decryption tool for victims of the Midnight ransomware. The company’s threat research team found a weakness in the malware’s encryption process that makes it possible to recover locked files without paying any ransom.
Midnight is a newly discovered ransomware strain built using the leaked code of the Babuk ransomware. Babuk first appeared in 2021, and after its source code became public, several similar threats were created by different cybercriminal groups. Midnight follows the same pattern but introduces its own encryption methods that contain a critical flaw.
According to Norton, the ransomware attempts to use a mix of ChaCha20 and RSA encryption to lock data. However, a coding error in the RSA implementation made the process vulnerable. Norton’s researchers were able to exploit this issue to design a working decryptor that can safely restore affected files.
Systems infected by Midnight usually have file names ending with “.Midnight” or “.endpoint” and display ransom notes titled “How To Restore Your Files.txt.” Some versions also generate debug logs to track their encryption process.
Norton’s decryptor tool supports both 32-bit and 64-bit Windows systems and includes an option to create backups before starting recovery. The company recommends keeping this feature enabled to prevent data loss.
