Tag Archive for: decryption

Free Ransomware Decryption Site Celebrates Milestone as New Threats Emerge


As Europol celebrated the fifth anniversary of its anti-ransomware initiative this week, menacing new ransomware threats made it clear that the fight against cyber threats is never-ending.

The EU law enforcement cooperation agency said its No More Ransom website has saved ransomware victims almost a billion Euros with free ransomware decryption tools.

Europol has launched a new, more user-friendly website. Site visitors are greeted with a simple yes/no question: “Need help unlocking your digital life without paying your attackers?” Users who click “Yes” are directed to Crypto Sheriff, a tool that matches available decryptors to the user’s encrypted files. The site also provides guidance on preventing ransomware attacks. The key advice, however, is straightforward: “Paying the ransom is never recommended.”

No More Ransom was founded in 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. The project now boasts 16 associate partners, including Emsisoft, Trend Micro, Bitdefender, Avast, Bleeping Computer, Cisco, Check Point, Tesorion, McAfee, ESET, CERT_PL, Eleven Paths, KISA, the French Police, and F-Secure.

In total, 170 public and private sector partners have made 121 tools available for free on the site to decrypt 151 ransomware families. Over the past five years, according to Europol, those decryptors have enabled over six million people to recover their files, blocking criminals from earning as much as a billion euros.

“Digitalization … provides us with the space to store hundreds of thousands of different files: pictures of our kids and pets, electronic tickets, projects, important matrixes we have worked on for weeks, archives filled with decades of knowledge and memories,” Europol said in a statement. “Ransomware enables criminals to steal all this in an instant. That is why it is crucial to beware, be aware and protect your digital world.”

Despite Europol’s efforts, ransomware continues to thrive, with several new threats launching in the past few weeks alone.

Haron and Grief: Rebrands or Copycats?

Zscaler researchers recently examined the newly launched Grief malware, also known as Pay. Grief appears to be a rebranding of…

Source…

Government did not pay ransom for decryption key after HSE hack, says Martin




Photo: Micheal Martin (Julien Behal Photography/PA)

The Government did not pay a ransom or use diplomatic channels to obtain a decryption key that could unlock HSE data hit by a ransomware attack, the Taoiseach has said.

The key was made available on Thursday evening almost a week after the IT system was attacked.

The key was given to the Government by the organised crime group behind the cyber attack, but their reasons for doing so remain unclear.

Taoiseach Micheal Martin said: “No payment was made in relation to it at all. The security personnel don’t know the exact reason why the key was offered back.

“In terms of the operation of getting our services back and getting data systems back, it can help. But in itself, the process will still be slow.

“Certainly the decryption key, getting that is good, but in itself it doesn’t really take away from the enormous work that still lies ahead in terms of rebuilding the systems overall.”

He indicated the rebuilding process will be weeks rather than months.

Responding to reports that the criminals responsible intend to start selling and publishing HSE data online from Monday, Mr Martin said: “We’ve always said that the danger is there for data to be dumped.

“But the High Court action, an injunction that the HSE secured, is a very powerful and strong one, which makes it a criminal act to reveal any data that has been illegally obtained or has been stolen from the HSE system.”

The main purpose of the injunction is to put internet companies such as Google and Twitter on notice of a legal prohibition on the sharing and publication of the information.

Mr Martin said: “We are very encouraged and appreciate the collaboration and co-operation from the major social media companies in respect of this entire attack.

“But also in terms of working with us to make sure that any data that is inadvertently put up will be taken down immediately.”

He said paying the ransom demanded by the criminals…

Source…

Ziggy ransomware shuts down and releases victims’ decryption keys



The Ziggy ransomware operation has shut down and released the victims’ decryption keys, citing concerns about recent law enforcement activity and guilt over encrypting victims.

Over the weekend, security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.

Shut down announcement by Ziggy admin

In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.”

After feeling guilty about their actions and concerns over recent law enforcement operations against Emotet and Netwalker ransomware, the admin decided to shut down and release all of the keys.

Today, the Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.

SQL file containing Ziggy decryption keys

The ransomware admin also posted a decryptor [VirusTotal] that victims can use with the keys listed in the SQL file.

Ziggy ransomware decryptor

In addition to the decryptor and the SQL file, the ransomware admin shared the source code for a different decryptor with BleepingComputer that contains offline decryption keys.

Ransomware uses offline decryption keys for victims whose files were encrypted while the machine was not connected to the Internet or the command and control server was unreachable, so no per-victim key could be fetched.

Source code for different Ziggy ransomware decryptor

The ransomware admin also shared these files with ransomware expert Michael Gillespie who told BleepingComputer that Emsisoft would be releasing a decryptor soon.

“The release of the keys, whether voluntarily or involuntarily, is the best possible outcome. It means past victims can recover their data without needing to pay the ransom or use the dev’s decryptor, which could contain a backdoor and/or bugs. And, of course, it also means there’s one less ransomware group to worry about.”

“The recent arrest of individuals associated with the Emotet and Netwalker operation could be causing some actors to get cold feet. If so, we…

Source…

Ransomware victim hacks attacker, turning the tables by stealing decryption keys

A victim of the Muhstik ransomware paid his attackers money to recover his files, but then wrought his revenge by hacking them right back.

Read more in my article on the Tripwire State of Security blog.

Graham Cluley