Ransomware – Decryption Keys released!

Ransomware causes sleepless nights for companies worldwide, but decryption codes have now surfaced on the internet that put an end to the nightmare for many versions of this malware.

I’ll show you where to find the keys to decrypt your data!

The EDA2 toolkit was originally created to demonstrate how ransomware works. It can be used as a base when creating common ransomware.

The author of the toolkit, Utku Sen, implemented a backdoor in his code to prevent abuse.

Developers who used EDA2 as a base for their extortion software unwittingly built in a mechanism that renders their own malicious code harmless; they did not know about this hidden vulnerability.

Many versions of common ransomware can be decrypted using the following published keys.

A list of the published decryption keys can be found here:

http://pastebin.com/HstqPx62

Further information:
http://www.theregister.co.uk/2016/03/16/locky_ransomware_undone_for_now/

Editor’s note:
In the first release of this article I wrote that this toolkit was used as basis for the ransomware Locky. This statement was based on the article by theregister.co.uk.

This statement was revoked by theregister.co.uk:
These codes are not decryption codes for Locky, but decryption codes for another new ransomware.

 


One comment

  1. Alternatively, you have a nice enterprise storage system with security policies in place that recognizes known file extensions associated with ransomware and blocks those. Even if this does not help, a nice COW file system could allow reverting the data to the pre-encrypted state. Oh, sweet enterprise and next-gen file system features, when will you be standard on the poor end user’s devices?
