Nibiru ransomware variant decryptor
Nikhil Hegde developed this tool.
Weak encryption
The Nibiru ransomware is really a .NET-centered malware family. It traverses web directories in the neighborhood disks, encrypts documents with Rijndael-256 and provides them a .Nibiru expansion. Rijndael-256 is a protected encryption algorithm. Nevertheless, Nibiru runs on the hard-coded string “Nibiru” to compute the 32-byte crucial and 16-byte IV values. The decryptor plan leverages this weakness to decrypt data files encrypted by this variant.