Tag Archive for: decrypt

Hunt Ransomware ([email protected]) – Decrypt Guide & Removal– Gridinsoft Blog

/in


Hunt ransomware is a new sample of the Dharma/CrySis ransomware family that appeared on April 5, 2024. This malware aims at encrypting the files and asking a ransom payment for their decryption. It unselectively targets both home users and corporations, correcting the ransom depending on the target. Jakub Kroustek was the first to discover this malware.

Ransomware remains a major threat, attacking both organizations and individuals. GridinSoft Anti-Malware provides excellent protection even against the most modern malware samples. 👉🏼 Get yourself proper ransomware protection

As I’ve said in the introduction, Hunt is a novice sample of the Dharma ransomware family. Being its part, Hunt ransomware follows its behavior patterns. The most noticeable one for the victim is the application of a complex extension, that contains the victim’s ID, the contact email (bughunt@keemail[.]me) and its .hunt extension. The files start looking as below after the encryption:

image.png → image.png.id-C3B22A85.[[email protected]].hunt
document.docx → document.docx.id-C3B22A85.[[email protected]].hunt

Hunt ransomware files
Encrypted files after the Hunt ransomware attack

Hunt ransomware goes through the entirety of user disks, searching for the files it can encrypt. It is capable of ciphering the vast majority of ones, from images and videos to project files of specific software suites. However, this malware carefully avoids any system files – probably, to prevent system malfunctions that can potentially force the user into reinstalling the system.

Before applying the encryption, this malware disables built-in Windows backup options, such as Restore Points and Shadow Copies. They are rather useful for reverting the system state to pre-encryption, so such action is rather expected. Hunt ransomware uses the command you can see below to accomplish this.

vssadmin delete shadows /all /quiet

After finishing the encryption (i.e. it can’t find more unencrypted files), Hunt ransomware spawns a text file with a ransom note. It also opens an HTA file with the information about with more detailed information about what’s happened and instructions for the ransom payment. You can see the example of this pop-up…

Source…

OpenAI Security Head Suggests ChatGPT Can Decrypt Russian Hacking Group Conversations in Pentagon Event

/in


ChatGPT‘s latest military use proves to be conversation decryption between hackers, as per OpenAI’s head of security, Matthew Knight, in the Pentagon‘s Advantage DoD 2024 event. Knight reportedly explained that the chatbot could decipher a cryptic conversation within a Russian hacking group, first reported by the Washington Post.

As explained by Knight, deciphering the conversation was a task that even their Russian linguist had difficulty with, but he claims that GPT-4 succeeded in doing so. The conversations between the hackers were reportedly in “Russian shorthand internet slang.” The showcase comes as a part of the Pentagon’s AI symposium showcasing viable uses of AI in the military.

Microsoft-Backed OpenAI Hits $80 Billion Valuation in Groundbreaking Deal

(Photo : MARCO BERTORELLO/AFP via Getty Images)
A photo taken on October 4, 2023 in Manta, near Turin, shows a smartphone and a laptop displaying the logos of the artificial intelligence OpenAI research laboratory and ChatGPT robot.

Panel discussions at the symposium feature representatives from well-known tech companies besides OpenAI’s Knight, such as Dr. Scott Papson, Principal Solutions Architect of Amazon Web Services, and Dr. Billie Rinaldi, Responsible AI Division Lead of Microsoft’s Strategic Missions and Technologies Division.

The event proves to be a glimpse into the future uses of AI in the military. One was hinted at by the chief technology officer of Palantir Technologies and Pentagon contractor, Shyam Sankar. Samkar comments that using ChatGPT as a chatbot is a “dead end,” further noting that the technology will likely be used for developers and not for end users. 

Read Also: China, Russia Agree to Coordinate AI Use in Military Technology 

GPT-4 Uses on Military Intelligence

This is not the first time GPT-4’s use for deciphering cryptic messages was discovered, as a Microsoft Study claimed that similar practices have long been employed by state-backed hackers.

The study found that two hacking groups with ties to China are using AI to translate communication with targeted individuals or organizations as well as translate computer jargon and technical publications. 

AI Military Use Concerns

The event also saw industry…

Source…

Data and encryption strategies in a post-quantum world: Harvest now, decrypt later

/in


Paul German, CEO, Certes Networks, explains the risk associated with bulk encryption strategies and the importance of crypto-segmentation in reducing criminal exposure to data in a post-quantum world

It is now inevitable that the encryption algorithms used to secure vital data across the world – from defence and banking to infrastructure and air travel – will be breached. With the escalation in computing power enabled by quantum technology, the question is not if, but when potentially devastating breaches will occur.

With ‘harvest now, decrypt later’ hacking strategies currently in progress, criminals are banking on the power of quantum computing to allow them to unlock huge data resources. The onus is on companies not just to consider the future quantum threat but to determine how best to protect current resources today.

Here, I explain the risk associated with bulk encryption strategies and the importance of crypto-segmentation in reducing criminal exposure to data in a post-quantum world.

A quantum leap

Quantum computing is edging ever closer to reality, with venture capitalists investing almost $1.02 billion in quantum computing start-up companies in 2021 alone. While there is huge excitement around the step change in AI performance, there are issues such as the quantum computing power which could be unleashed– to which the security implications are potentially devastating.

Globally, security experts expect quantum computers to herald the breach of the asymmetric cryptography used to secure everything – from defence to infrastructure. While classical compute power would take billions of years to execute Shor’s Algorithm, which is proven to break the encryption strategies currently in place, the arrival of a quantum computer of sufficient size and complexity totally changes the game.

For companies reviewing security strategies, this post-quantum security threat is not in the future; it is not about considering how to respond when quantum computing becomes available. Criminal organisations globally are embarking upon mass data harvesting and breach schemes today on the basis that even though the information cannot be immediately decrypted, at some point in…

Source…

How to Decrypt Files Encrypted by Ransomware

/in


For any organization struck by ransomware, business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”

The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time:

  • Paid ransom decryption tools and keys don’t always work.
  • Free decryption tools don’t always work.
  • Paid decryption tools don’t always work.

The best defense and the best option for recovery will always be the availability of sufficient, isolated data backups and a practiced restoration process. However, even with the best planning, organizations can find a few users, machines, or systems that were overlooked or whose backup may be corrupted or encrypted.

What can be done to recover from ransomware attacks when backups are not available?

Also read:

The First Calls After an Attack

First, call the cyber insurance company that issued the organization’s cybersecurity policy. Most insurance companies require specific incident response vendors, procedures, and reporting that must be met to meet the standards to be insured.

Insured companies often will not have options. Instead, the cybersecurity insurance company will take full control, and the insured company will need to follow instructions.

If the organization does not have insurance, then the fastest way to recover is to call an MSSP, incident response specialist, or ransomware recovery specialist. Executives, legal counsel, and law enforcement such as the local office for the FBI or police should also be on the incident response phone list for early contact.

Before Decryption, Block the Attacks

Whether handing off recovery to the insurance company, paid incident response professionals, or attempting recovery in-house, the next steps will generally be the same:

  1. Stop the spread of the ransomware.
  2. Eliminate attacker access.
  3. Begin work on recovery.

Note that decryption is not a consideration until at least step three because the IT team cannot safely attempt any decryption without stopping the spread of ransomware or blocking access that attackers might use to interfere with recovery. These steps are covered in more depth in How to Recover From a…

Source…