Even ransomware operators make mistakes, and in the case of the ransomware gang Key Group, a cryptographic error allowed a team of security researchers to build and release a decryption tool that recovers scrambled files.
The decryptor only works on a specific version of the ransomware, built around August 3, according to threat intel provider EclecticIQ, which spotted the criminals' mistakes and exploited them to create the Python-based restoration tool.
It's available for free: EclecticIQ published the Python script on Thursday in a report about the Russian-speaking gang. Check out the details, and scroll all the way down to Appendix A for the script itself.
If you are a Key Group ransomware victim, we'd suggest you look into the above before too long, in case the gang catches wind of the decryption tool and rewrites its malware accordingly, or changes its business model altogether.
"Key Group ransomware uses AES encryption, implemented in C#, using the RijndaelManaged class, which is a symmetric encryption algorithm," EclecticIQ researcher Arda Büyükkaya wrote.
It encrypts victims' data using AES in CBC mode with a key derived from a fixed password and a fixed salt, Büyükkaya said. And this is where the gang screwed up, we're told: that fixed salt together with a fixed password. Because the password and salt never change, every victim ends up with the same key, and anyone who pulls those constants out of the binary knows every secret needed to reverse the encryption. That makes writing a decryption routine for the ransomed files pretty trivial.
"The ransomware uses the same fixed AES key and initialization vector (IV) to recursively encrypt victim data and change the name of encrypted files with the keygroup777tg extension," Büyükkaya said.
- Got Conti? Here's the ransomware cure to avoid paying up
- Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year
- FYI: There's another BlackCat ransomware variant on the prowl
This fixed encryption key, along with "multiple cryptographic mistakes," allowed EclecticIQ to reverse engineer the malware and create a decryptor for this particular version.
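To make the mistake concrete, here is an added example (our own code, not EclecticIQ's decryptor and not the gang's malware) that models the scheme described above: AES-CBC with a key derived from a hard-coded password and salt, a hard-coded IV, and the keygroup777tg extension. The password, salt and IV values are invented placeholders, since the report does not reproduce the real ones, and the use of PBKDF2-HMAC-SHA1 for key derivation is an assumption (it is what .NET's Rfc2898DeriveBytes defaults to; the page names only RijndaelManaged). The point is that a decryptor needs nothing from the attacker, and that a fixed key plus fixed IV also makes identical files produce identical ciphertext. Requires the `cryptography` package.

```python
"""Toy model of the Key Group mistake: fixed password + fixed salt + fixed IV
means every victim shares one AES-CBC key, so recovery needs only the constants.
Added example; none of the secrets below are the gang's real values."""
import hashlib
import tempfile
from pathlib import Path

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Constructed placeholders. The real sample hard-codes its own values (not
# reproduced on the page); what matters is that they never change per victim.
FIXED_PASSWORD = b"not-the-real-password"
FIXED_SALT = b"not-the-real-salt"
FIXED_IV = bytes(range(16))
EXTENSION = ".keygroup777tg"


def derive_key(password: bytes = FIXED_PASSWORD, salt: bytes = FIXED_SALT) -> bytes:
    """PBKDF2-HMAC-SHA1 (assumed; .NET Rfc2898DeriveBytes default). With fixed
    inputs the output is the same 32-byte AES key on every machine."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, 1000, dklen=32)


def aes_cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    padder = padding.PKCS7(128).padder()
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return enc.update(padded) + enc.finalize()


def aes_cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    padded = dec.update(ciphertext) + dec.finalize()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(padded) + unpadder.finalize()


def ransom_encrypt_tree(root: Path) -> list:
    """Model of the malware: recursively encrypt every file with the one shared
    key and IV, then rename it with the extension."""
    key = derive_key()
    encrypted = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix == EXTENSION:
            continue  # already processed
        target = path.with_name(path.name + EXTENSION)
        target.write_bytes(aes_cbc_encrypt(path.read_bytes(), key, FIXED_IV))
        path.unlink()
        encrypted.append(target)
    return encrypted


def decrypt_tree(root: Path) -> list:
    """Model of the decryptor: nothing per-victim is required, only the
    constants lifted from the binary. Strips the extension on the way back."""
    key = derive_key()
    recovered = []
    for path in sorted(p for p in root.rglob("*" + EXTENSION) if p.is_file()):
        target = path.with_name(path.name[: -len(EXTENSION)])
        target.write_bytes(aes_cbc_decrypt(path.read_bytes(), key, FIXED_IV))
        path.unlink()
        recovered.append(target)
    return recovered


def recover_demo() -> dict:
    """Constructed victim directory: encrypt it the way the malware would, then
    recover it with the constants alone and report what happened."""
    originals = {  # constructed sample files; two have identical content
        "notes.txt": b"quarterly numbers, do not share",
        "copy/notes.txt": b"quarterly numbers, do not share",
        "cams/cam01.cfg": bytes(range(256)) * 3,
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in originals.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        encrypted = ransom_encrypt_tree(root)
        blobs = {p.relative_to(root).as_posix(): p.read_bytes() for p in encrypted}
        recovered = decrypt_tree(root)
        after = {p.relative_to(root).as_posix(): p.read_bytes() for p in recovered}
    return {
        "encrypted": len(encrypted),
        "recovered": len(recovered),
        "intact": after == originals,
        # fixed key + fixed IV: same plaintext -> same ciphertext, so an
        # analyst can spot duplicate files without decrypting anything
        "identical_ciphertext": blobs["notes.txt" + EXTENSION]
        == blobs["copy/notes.txt" + EXTENSION],
    }


if __name__ == "__main__":
    print(recover_demo())
```

Note that the decryptor above does no key exchange, no search, and no brute force: it derives the key exactly as the encryptor did and undoes CBC with the same IV. That is the whole vulnerability. Had the sample generated a random per-victim key (sent to the operators under a public key) and a random IV per file, the same code would be useless to a defender.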
Despite its mistakes, the gang still believes it is using a "military-grade encryption algorithm," and has been telling victims that they have no option other than paying the ransom demand if they want to recover their data. Such is PR.
The threat intel team also describes Key Group, which has only been around since January, as a "low-sophisticated threat actor," which is pretty damning.
In addition to the gang's public Telegram channel, which it uses to discuss ransom payments, EclecticIQ analysts say they've also seen Key Group use a private Telegram channel for selling and sharing SIM cards, doxing data, and remote access to IP camera servers. ®