- Unlocking the Privacy Advantage to Build Trust in the Age of AI
- ICO Apologizes After Data Protection Response Snafu
- ¿Recuerdas cuando los desarrolladores reinaban? El mercado de la codificación de software se debilita
- Who’s driving ransomware’s accelerated growth in 2025
- 퀄컴, 베트남 빈AI의 생성형 AI 부문 ‘모비안AI’ 인수··· AI 솔루션 고도화 박차
Nibiru ransomware variant decryptor – Cisco Blogs

Nikhil Hegde developed this tool.
Weak encryption
The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.
Share: