
Ransomware ransom paid, but the key doesn’t work due to a bug


For a company that does not do its homework and does not keep backups of its critical data, being attacked by ransomware is a tragedy. Even more so if the ransomware has bugs that prevent the files from being decrypted.

We are not going to point the finger at anyone, because most of us probably do not have up-to-date backups. But for a commercial company, the responsibility is greater.

Security company GuidePoint Security tells a story on its blog about what happened to an anonymous company that decided to pay cybercriminals to decrypt its hijacked hard drives.

Hazard, a ransomware full of bugs

According to GuidePoint, it was hired to mediate with the cybercriminals by a company whose computers had been hijacked with the Hazard ransomware.

Ransomware encrypts a computer’s hard drives and SSDs to lock it. It then demands a ransom, usually in bitcoins, to unlock the infected computer.

Experts advise not to pay, because these cybercriminals often take the money and disappear. But it seems that this company had very valuable data held hostage, so it decided to give in to the blackmail.

On this occasion, the kidnappers did hand over the decryption key when they received the money. But it didn't work.

When Guidepoint told them about it, they gave them the same key with a different file name, and disappeared.

The security company had the correct key, but it didn't work, so they decided to investigate what was going on with the malware. They discovered that it was a bug.

“A flaw occurred when the threat actor ran multiple encryptors on the same system,” GuidePoint explains. “Each file was encrypted a second time before being renamed with a new extension, resulting in missing bytes in a chunk of data appended to the original file.”


Three bytes were missing from the original file, which prevented the decryption key from being applied correctly. So they resorted to brute force: they tried every possible combination of those three bytes until they found the correct one, which allowed them to decrypt the hijacked files.

The story has a happy ending, but luck played a role. If more bytes had been missing, the combinations would have skyrocketed into the billions, and decryption would have been impossible or would have taken years.
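A toy reconstruction of that recovery step, added here as an example and not GuidePoint's code: the attacker's key is known, but the per-file chunk appended to the ciphertext (modelled as a 16-byte nonce for a SHA-256 counter-mode toy cipher, an assumption since the article does not describe Hazard's format) lost its last three bytes, so every candidate tail is re-appended until the file's first bytes decrypt to an expected header. The constructed sample places the answer early in the search order so the demo runs quickly; `search_space` shows why a fourth missing byte would push the count into the billions.

```python
import hashlib
import itertools

# Expected plaintext header; an assumption standing in for whatever check GuidePoint used.
MAGIC = b"%PDF-1.7\n"

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (Hazard's real cipher is not described)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def search_space(n_missing: int) -> int:
    """Candidates for n unknown bytes: 256**n, so 3 bytes is 16,777,216 and 4 is about 4.3 billion."""
    return 256 ** n_missing

def recover_footer(ciphertext: bytes, truncated_footer: bytes, key: bytes, n_missing: int):
    """Re-append every possible tail and return the first footer whose decryption
    of the file's first bytes produces the expected header (None if no tail works)."""
    for tail in itertools.product(range(256), repeat=n_missing):
        candidate = truncated_footer + bytes(tail)
        if xor(ciphertext[:len(MAGIC)], keystream(key, candidate, len(MAGIC))) == MAGIC:
            return candidate
    return None

def build_sample():
    """Constructed victim file: known key, 16-byte footer whose last 3 bytes were dropped.
    The tail is chosen low in search order so the demo finishes in well under a second;
    a real run may have to walk all 16,777,216 candidates."""
    key = hashlib.sha256(b"constructed per-victim key").digest()
    footer = bytes(range(1, 14)) + b"\x00\x01\x2a"
    plaintext = MAGIC + b"constructed document body"
    ciphertext = xor(plaintext, keystream(key, footer, len(plaintext)))
    return ciphertext, footer[:-3], key, footer

if __name__ == "__main__":
    ciphertext, truncated, key, footer = build_sample()
    print("candidates for 3 missing bytes:", search_space(3))
    recovered = recover_footer(ciphertext, truncated, key, 3)
    print("recovered footer matches original:", recovered == footer)
```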

Ransomware is very dangerous, even more so if it has a bug. That is why paying the ransom poses a serious risk.
