Today — 28 October 2021, Security Affairs

Avast releases free decrypters for AtomSilo and LockFile ransomware families

27 October 2021 at 23:35

Security firm Avast today released decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free.

Cyber security firm Avast today released decryption utilities for AtomSilo and LockFile ransomware that allow victims to recover their files for free.

Experts pointed out that AtomSilo and LockFile ransomware have only a few minor differences; for this reason, Avast provides a single decryptor.

On Oct 17, 2021, researcher Jiří Vinopal announced that he had cracked the AtomSilo ransomware by exploiting a vulnerability that allowed him to decrypt files without paying the ransom.

Something big -> I just cracked #AtomSilo – one of the Latest Ransomware Family – More information soon. Stay Tuned. (cde07f39b45b883c861f4d4d0c6afb80)
For more information (Only for trusted Security accounts) DM me.🙏
Please help me to reach more People who could be affected!!!

— Jiří Vinopal (@vinopaljiri) October 17, 2021

Later he announced that he had also cracked the LockFile ransomware strain.

Just cracked another Ransomware Family (PoC decryptor) where is no free decryptor publicly available. I would like to officially thank @Avast who made it possible – provided people and resources to change my PoC to applicable decrypting tool (soon free available). #NoMoreRansom🙏

— Jiří Vinopal (@vinopaljiri) October 22, 2021

“Both the AtomSilo and LockFile ransomware strains are very similar to each other and except for minor differences, this description covers both of them.” reads the post published by AVAST. “We prepared our very own free Avast decryptor for both the AtomSilo and LockFile strains.”


Avast highlights a limitation of the decryption process: its AtomSilo decryptor relies on a known file format to verify that a file was successfully decrypted. This implies that some files, such as those with a proprietary or unknown format, may not be decrypted.

Avast today released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys.

Avast released a free decryptor for the Babuk ransomware here.

Researchers from Bleeping Computer tested the decryptor and determined that it “will likely work only for victims whose keys were leaked as part of the Babuk source code dump.”


Pierluigi Paganini

(SecurityAffairs – hacking, AtomSilo ransomware)

The post Avast releases free decrypters for AtomSilo and LockFile ransomware families appeared first on Security Affairs.

Yesterday — 27 October 2021, Security Affairs

Grief ransomware gang hit US National Rifle Association (NRA)

27 October 2021 at 22:25

Grief ransomware operators claim to have compromised computer systems at the US National Rifle Association (NRA) and have added it to their leak site.

Grief ransomware operators announced that they had hacked the US National Rifle Association (NRA) and are threatening to leak the stolen data.

The NRA was added to the list of compromised organizations on the group's leak site, and the gang also published a set of documents as proof of the hack. Analysis of the sample does not make it possible to determine whether the gang breached the organization itself or one of its branches.


Researchers link the Grief ransomware to the DoppelPaymer operation, which is considered part of Evil Corp.

Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

The Evil Corp cybercrime group (aka Indrik Spider, the Dridex gang, and TA505) has been active since 2007. The group started its operations by developing and distributing the infamous Dridex banking Trojan, then switched to ransomware operations, infecting victims’ computer networks with the BitPaymer ransomware.

In 2019, the U.S. Department of Justice (DoJ) charged Russian citizens Maksim V. (32) and Igor Turashev (38) with distributing the infamous Dridex banking Trojan, and with involvement in international bank fraud and computer hacking schemes.

The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments.

Due to these sanctions, Evil Corp launched several ransomware operations that employed different strains of ransomware, such as WastedLocker, Hades, Phoenix Locker, and PayloadBin.


Pierluigi Paganini

(SecurityAffairs – hacking, NRA)

The post Grief ransomware gang hit US National Rifle Association (NRA) appeared first on Security Affairs.

Avast released a free decryptor for Babuk ransomware

27 October 2021 at 19:58

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free.

Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys.

Based on leaked source code and decryption keys, Avast releases a #free #decryptor for the #Babuk #ransomware. https://t.co/mgixSHzuLm

— Avast Threat Labs (@AvastThreatLabs) October 27, 2021

Babuk is a Russian ransomware; its source code was leaked, along with some of the decryption keys, in September 2021.

The Babuk Locker operators halted their operations at the end of April after the attack against the Washington, DC police department. Experts believe that the group's decision to leave the ransomware practice could be the result of an operational error: it was a bad idea to threaten the US police department, given the information that it manages.

The ransomware gang broke into the Washington, D.C., Metropolitan Police Department, encrypted its files and demanded a $4 million ransom.

At the end of May, the Babuk ransomware operators rebranded their ransomware leak site into Payload.bin and started offering the opportunity to other gangs to use it to leak data stolen from their victims.

The security research group vx-underground said that a Russian youngster, who is believed to be one of the developers of the Babuk gang, has been diagnosed with terminal cancer and decided to leak the complete Babuk source code for Windows, ESXI, and NAS.

Some members of the gang relaunched the RaaS as Babuk V2.

After encrypting files, Babuk appends one of the following extensions to the file name:

  • .babuk
  • .babyk
  • .doydo

Avast released a free decryptor for the Babuk ransomware here.

Researchers from Bleeping Computer tested the decryptor and determined that it “will likely work only for victims whose keys were leaked as part of the Babuk source code dump.”


Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

The post Avast released a free decryptor for Babuk ransomware appeared first on Security Affairs.
