Tag Archive for: decryption




Notorious Maze Ransomware Gang Closes Up Shop And Releases Decryption Keys


Over the past three years the Maze crew ensnared scores of victims with its ransomware. Now, suddenly, Maze seems to have called it quits. They’ve released master decryption keys and destroyed the bulk of the malware’s code.

Curiously enough, the announcement was made on the message boards at Bleeping Computer, a popular and incredibly useful resource for those who are trying to recover from a ransomware infection.

The Maze announcement certainly has the potential to be helpful to the group’s victims. Having access to the master keys allows security researchers to develop decryptors that victims can use to recover their files for free.

In addition to Maze, keys for the Sekhmet and Egregor ransomware were also released. Egregor was launched by the group in September of 2020, a month before Maze operations were shut down. Sekhmet first appeared in the Spring of 2020.

However, as Christopher Boyd of Malwarebytes Labs reported, decryption tools for all three ransomware strains had already been released. Boyd notes that the inclusion of the keys is more an interesting aspect of the announcement than a breakthrough for those looking to get their files back.

A Question Of Timing

Last February, French and Ukrainian law enforcement officials made several arrests connected to Egregor. The arrests followed a period of unexpected downtime of Egregor servers, which some in underground forums believed was a sign that its infrastructure had been compromised by the authorities.

The farewell post makes sure to point out that the decision to shut down once and for all was not made because of the arrests.

The poster claims that this was a planned move and that the group has decided to “never return to this kind of activity.”

It sounds encouraging enough to hear an alleged spokesperson say this of a crew that’s responsible for scores of attacks targeting law firms, municipalities, construction companies and pretty much any other entity with the ability to pay high-dollar ransoms.

That said, the Maze group already claimed it was riding off into the sunset once. This could turn out to be more of an “until we meet again” than a real…


Free ‘REvil’ Decryption Software Will Be Available For People Whose Computers Are Encrypted Before July 13


REvil ransomware affected many users around the world, especially when it struck Kaseya over the past months. The common modus operandi of the gang behind the REvil attacks is to make the victim pay the ransom before the group decrypts the system.

Now, BitDefender released a free decryption tool for the victims who were previously hit by the REvil malware.

Free Decryption Tool For REvil Ransomware

Users who were affected by the previous REvil ransomware attacks can use a free decryption tool made by Bitdefender.

Dealing with malware such as REvil can be difficult for users who have little to no knowledge of how to handle it.

The REvil ransomware gang is notorious for forcing its victims to pay a ransom in exchange for a master decryptor tool for their computers.

Cybersecurity firm Bitdefender confirmed that it has released the latest decryption software for REvil.

The good news is the victims can get it for free.

Bitdefender made this possible with the help of an undisclosed law enforcement agency. When the Romania-headquartered firm was asked for the specific name of its collaborator, it declined to comment.

The company has been tight-lipped on how it obtained a free master decryption key for all REvil victims. It only said that there was an ongoing investigation into the malware.

The REvil decryption software can be used by those who were hit by the malware, but there’s a catch: only those whose computers were encrypted by the malware before July 13 are able to use it.

Bitdefender Warns Users About Returning REvil Attacks

According to a report by SlashGear on Friday, Sept. 17, Bitdefender shared that the Ransomware-as-a-Service (RaaS) operator of REvil could possibly come from a CIS nation.

Furthermore, the dangerous malware emerged in 2019 as a successor to the GandCrab ransomware, which is now defunct.

However, the attacks linked to this malware were reportedly happening once again.

Most importantly, the REvil ransomware operation is run from the depths of the dark web and has infected many tech companies.

You can download the free decryption software…


SynAck ransomware group releases decryption keys as they rebrand to El_Cometa


The SynAck ransomware gang has released decryption keys for victims who were infected between July 2017 and 2021, according to data obtained by The Record.

SynAck is in the process of rebranding itself as the El_Cometa ransomware gang, and a member of the old group gave the keys to The Record.

Emsisoft’s Michael Gillespie confirmed the veracity of the decryption keys and said they are working on their own decryption utility that they believe will be “safer and easier to use,” because there are concerns that SynAck victims may damage their files further by using the provided keys directly.

Ransomware expert Allan Liska told ZDNet that the SynAck ransomware group started right before Ransomware-as-a-Service began to take off in 2018.

“So they never outsourced their ransomware activities. While they continued attacks, there weren’t nearly as many as groups like Conti or REvil were able to conduct, so they got lost in the shuffle,” Liska said. “They also didn’t hit any really big targets.”

A Kaspersky Lab report in 2018 said SynAck differentiated itself in 2017 by not using a payment portal and instead demanding victims arrange payment in Bitcoin through email or BitMessage ID. 

They generally demanded ransoms of around $3,000 and gained notoriety for using the Process Doppelgänging technique, which targets the Microsoft Windows operating system and is designed to circumvent traditional security software and antivirus solutions by exploiting how they interact with memory processes.

There is little data on victims of the ransomware group, but Kaspersky Lab researchers said they observed attacks by the gang in the US, Kuwait, Germany and Iran.

“The ability of the Process Doppelgänging technique to sneak malware past the latest security measures represents a significant threat; one that has, not surprisingly, quickly been seized upon by attackers,” said Anton Ivanov, lead malware analyst at Kaspersky Lab. 

“Our research shows how the relatively low profile, targeted ransomware SynAck used the technique to upgrade its stealth and infection capability. Fortunately, the…
