Decryptor for Akira ransomware released
Two versions of the free Akira ransomware decryptor for Windows have been published by Avast, which advised the use of the 64-bit version due to significant system memory requirements needed for …
Tag Archive for: released
Avast released a free decryptor for Windows version of Akira ransomwareSecurity Affairs
Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom.
Cybersecurity firm Avast released a free decryptor for the Akira ransomware that can allow victims to recover their data without paying the ransom.
The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate,
Akira is a Windows ransomware with a 64-bit Windows binary, it is written in C++ and uses the Boost library to implement the asynchronous encryption code. The authors used Microsoft Linker version 14.35.
In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. This Linux version is 64-bit and also uses the Boost library, it uses the Crypto++ library instead of Windows CryptoAPI.
“During the run, the ransomware generates a symmetric encryption key using CryptGenRandom(), which is the random number generator implemented by Windows CryptoAPI. Files are encrypted by Chacha 2008 (D. J. Bernstein’s implementation).” reads the report published by Avast.
“The symmetric key is encrypted by the RSA-4096 cipher and appended to the end of the encrypted file. Public key is hardcoded in the ransomware binary and differs per sample.”
The ransomware appends .akira extension to the encrypted files and drops a ransom note named akira_readme.txt in each folder.
The researchers discovered a few similarities between the Akira ransomware and the Conti v2 ransomware, a circumstance that suggests the authors may have used the leaked source code of the Conti ransomware.
The list of similarities includes:
- List of file type exclusions.
- List of directory exclusions.
- The structure of the Akira file tail is equal to the file tail appended by Conti.
The first step is to download the decryptor binary. Avast provides a 64-bit decryptor, as the ransomware is also a 64-bit and can’t run on 32-bit Windows. If you have no choice but to use 32-bit applications, you may download 32-bit decryptor here.
Avast released both a 64-bit decryptor and a 32-bit Windows…
Week in review: MOVEit Transfer critical zero-day vulnerability, Kali Linux 2023.2 released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
MOVEit Transfer zero-day attacks: The latest info
Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is a SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
Penetration tester develops AWS-based automated cracking rig
Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation.
The strategic importance of digital trust for modern businesses
In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape.
Navigating cybersecurity in the age of remote work
In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location.
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say.
Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Someone is roping Apache NiFi servers into a cryptomining botnet
If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf.
Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!
Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing…
Chrome update released to fix zero-day exploit
Google has this week scrambled to release a new update for its Chrome browser to fix after a number of zero-day exploits have been discovered. If you use Google Chrome browser it is highly recommended that you update your application to the latest versions released for your operating system in the form of
Chrome browser for Windows version : 112.0.5615.137/138
Chrome browser for Mac version : 112.0.5615.137
Chrome browser for Linux version : 112.0.5615.165
Once installed the update will fix a number of exploits including the Google Chrome exploit CVE-2023-2136 the second vulnerability discovered this year in the Chrome browser. For more information jump over to the official Chrome website by following the link below.
Chrome browser update
“Google is aware that an exploit for CVE-2023-2136 exists in the wild. We would like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. The earlier update released on April 18 fixed eight security issues. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[$3000][1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
[$NA][1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12
[$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”
Source : Google
Filed Under: Technology News, Top News
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through…