On May 21st, a security researcher who goes by the name Thyrex received a link to a ZIP file that supposedly contained a decryptor for the [email protected] variant of the AES-NI Ransomware. After examining the file, Thyrex posted a. link to the file in our AES-NI Support Topic so that. victim’s could hopefully use it to recover their files. The developer of the XData ransomware, who has been silent for a while, reached out today to various researchers and BleepingComputer to announce he was back. In conversations with Bleeping.Computer, the AES.NI developer admitted that he was the one who leaked the keys to Thyrex.
Source: https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-releases-decryption-keys-amid-fears-of-being-framed-for-xdata-outbreak/