{
	"id": "60cbb6f7-d251-4dbd-82a8-36d628765570",
	"created_at": "2026-04-06T00:13:10.841263Z",
	"updated_at": "2026-04-10T03:21:56.368555Z",
	"deleted_at": null,
	"sha1_hash": "704dd006806c8e2a266d9b9a69da80a9a1a2c139",
	"title": "AstraLocker decryptor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48360,
	"plain_text": "AstraLocker decryptor\r\nPublished: 2022-07-07 · Archived: 2026-04-05 18:48:00 UTC\r\nPlease note that these free tools are provided as-is and without warranty of any kind. The tools may only work\r\nwith specific ransomware versions, and may not work with versions that were released after a tool was created.\r\nTechnical support for the tools is available only to customers using a paid Emsisoft product.\r\nAstraLocker is a ransomware based on the leaked Babuk source code, and encrypts files using a modified HC-128\r\nencryption algorithm, and Curve25519. The extension \".Astra\" or \".babyk\" is appended to files.\r\nBelow is an example ransom note \"How To Restore Your Files.txt\":\r\n ..;===+.\r\n .:=iiiiii=+=\r\n .=i))=;::+)i=+,\r\n ,=i);)I)))I):=i=;\r\n .=i==))))ii)))I:i++\r\n +)+))iiiiiiii))I=i+:'\r\n .,:;;++++++;:,. )iii+:::;iii))+i='\r\n .:;++=iiiiiiiiii=++;. =::,,,:::=i));=+'\r\n ,;+==ii)))))))))))ii==+;, ,,,:=i))+=:\r\n ,;+=ii))))))IIIIII))))ii===;. ,,:=i)=i+\r\n ;+=ii)))IIIIITIIIIII))))iiii=+, ,:=));=,\r\n ,+=i))IIIIIITTTTTITIIIIII)))I)i=+,,:+i)=i+\r\n ,+i))IIIIIITTTTTTTTTTTTI))IIII))i=::i))i='\r\n ,=i))IIIIITLLTTTTTTTTTTIITTTTIII)+;+i)+i`\r\n =i))IIITTLTLTTTTTTTTTIITTLLTTTII+:i)ii:'\r\n +i))IITTTLLLTTTTTTTTTTTTLLLTTTT+:i)))=,\r\nhttps://www.emsisoft.com/ransomware-decryption-tools/astralocker\r\nPage 1 of 3\n\n=))ITTTTTTTTTTTLTTTTTTLLLLLLTi:=)IIiii;\r\n .i)IIITTTTTTTTLTTTITLLLLLLLT);=)I)))))i;\r\n :))# ASTRA LOCKER 2.0 #);=)\r\n :i)IIITTTTTTTTTLLLHLLHLL)+=)II)ITTTI)i=\r\n .i)IIITTTTITTLLLHHLLLL);=)II)ITTTTII)i+\r\n =i)IIIIIITTLLLLLLHLL=:i)II)TTTTTTIII)i'\r\n +i)i)))IITTLLLLLLLLT=:i)II)TTTTLTTIII)i;\r\n +ii)i:)IITTLLTLLLLT=;+i)I)ITTTTLTTTII))i;\r\n =;)i=:,=)ITTTTLTTI=:i))I)TTTLLLTTTTTII)i;\r\n +i)ii::, +)IIITI+:+i)I))TTTTLLTTTTTII))=,\r\n :=;)i=:,, ,i++::i))I)ITTTTTTTTTTIIII)=+'\r\n .+ii)i=::,, ,,::=i)))iIITTTTTTTTIIIII)=+\r\n ,==)ii=;:,,,,:::=ii)i)iIIIITIIITIIII))i+:'\r\n +=:))i==;:::;=iii)+)= `:i)))IIIII)ii+'\r\n .+=:))iiiiiiii)))+ii;\r\n .+=;))iiiiii)));ii+\r\n .+=i:)))))))=+ii+\r\n.;==i+::::=)i=;\r\n,+==iiiiii+,\r\n`+=+++;`\r\nWhat happend?\r\n----------------------------------------------\r\nAll Your files has been succesfully encrypted by AstraLocker 2.0\r\nCan I get My files back?\r\n----------------------------------------------\r\nSure! But You need special decryptor for that.\r\nYou will get decryptor after paying.\r\nWhat can I do to get my files back?\r\n----------------------------------------------\r\nYou can buy my decryption software, this software will allow you to recover all of your data and remove the Rans\r\nThe price for the software is about 50$ (USD). Payment can be made in Monero, or Bitcoin (Cryptocurrency) only.\r\nWhat guarantees?\r\n----------------------------------------------\r\nI value my reputation. If i do not do my work and liabilities, nobody will pay me. This is not in my interests.\r\nAll my decryption software is perfectly tested and will decrypt your data.\r\nHow do I pay, where do I get Monero or Bitcoin?\r\n----------------------------------------------\r\nPurchasing Monero or Bitcoin varies from country to country, you are best advised to do a quick Google search\r\nyourself to find out how to buy Monero or Bitcoin.\r\nAmount of Bitcoin to pay: 0,0012 (Bitcoin)\r\nor\r\nAmount of Monero to pay: 0,30 (XMR)\r\nhttps://www.emsisoft.com/ransomware-decryption-tools/astralocker\r\nPage 2 of 3\n\nWhere i can pay?\r\n----------------------------------------------\r\nMonero Address:\r\n47moe29QP2xF2myDYaaMCJHpLGsXLPw14aDK6F7pVSp7Nes4XDPMmNUgTeCPQi5arDUe4gP8h4w4pXCtX1gg7SpGAgh6qqS\r\nBitcoin Addres:\r\nbc1qpjftnrmahzc8cjs23snk2rq0vt6l0ehu4gqxus\r\nContact\r\n----------------------------------------------\r\nAfter payment contact:\r\nastralocker2@tutanota.com\r\nWarning! If you report these emails, they may be suspended and NOBODY gets help.\r\nIt is in Your INTEREST to get the decryptor.\r\nDo NOT:\r\n1)Change the extension of the files. You will harm it.\r\n2)Move encrypted files\r\n3)Try to recover files by Yourself. It is impossible. Your files are encrypted with Curve25519 encryption algori\r\n4)Report to authoritaries. If You do it, key will be deleted, and Your files will be useless forever.\r\nSource: https://www.emsisoft.com/ransomware-decryption-tools/astralocker\r\nhttps://www.emsisoft.com/ransomware-decryption-tools/astralocker\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.emsisoft.com/ransomware-decryption-tools/astralocker"
	],
	"report_names": [
		"astralocker"
	],
	"threat_actors": [],
	"ts_created_at": 1775434390,
	"ts_updated_at": 1775791316,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/704dd006806c8e2a266d9b9a69da80a9a1a2c139.pdf",
		"text": "https://archive.orkl.eu/704dd006806c8e2a266d9b9a69da80a9a1a2c139.txt",
		"img": "https://archive.orkl.eu/704dd006806c8e2a266d9b9a69da80a9a1a2c139.jpg"
	}
}