Ryuk ransomware hackers break their own decryption tool

Cybersecurity researchers recently warned that paying the Bitcoin ransom to recover data locked by the prolific Ryuk ransomware may still result in file loss.

This leaves most of Ryuk's latest victims between a rock and a hard place. If they refuse to send their attackers Bitcoin, they lose access to their data entirely; if they pay, the attackers hand them a decryption tool that does not work.

Emsisoft, a security software company, told Hard Fork that the attackers themselves broke their own decryption tool with an update.

Emsisoft added via email: "Evidently, we are hoping to get the word out about this as quickly and widely as possible to help the affected organizations avoid data loss."

Ryuk's decryptor now cuts off too many bytes

The company explained that in one of the latest Ryuk versions, the attackers changed the way the malware calculates the size of the plaintext file, which has unintended consequences during decryption.

In a blog post, Emsisoft wrote: "As a result, the decryptor provided by the Ryuk authors will truncate files, cutting off too many bytes in the process of decrypting the file." It added: "Depending on the exact file type, this may or may not cause major issues."

The researchers noted that in the best case, the byte that is cut off is unused, so its loss is harmless and the file can still be decrypted just fine.

However, in virtual disk formats such as VHD/VHDX and in many database files (e.g. Oracle's), that final byte stores crucial data. It is common for larger, high-value target networks to feature exactly these file types.

This means that such files can be damaged by the Ryuk decryptor and may fail to load properly even after they have been unlocked with the tool the attackers provided.

Make frequent backups

Over the past year, Ryuk has hit hospitals, nursing homes, colleges, private companies, state-owned oil refineries and government institutions around the world, demanding hundreds of millions of dollars' worth of Bitcoin in exchange for access to critical computer systems.

Unfortunately, those hit by Ryuk currently have no way to recover their files without paying up. Previous analysis of the malware showed that the perpetrators scale their Bitcoin ransoms according to the size of the target.

Emsisoft therefore advises Ryuk victims to make copies of any encrypted data before attempting decryption, particularly because the decryption tool supplied by the attackers reportedly deletes files it believes have been successfully unlocked.

More generally, keeping regular backups is always worthwhile, because it limits the impact of a ransomware attack.

Another piece of advice: "Before running any ransomware decryptor, whether it was provided by a bad actor or by a security company, be sure to back up the encrypted data first. If the tool does not work as expected, you can try again," said Emsisoft.
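The two points above, backing up encrypted files before running any decryptor and catching a decryptor that drops trailing bytes, put into a small Python script. This is an added example, not Emsisoft's or the article's code; the ".RYK" extension is a constructed placeholder, and the truncation check relies on VHD images ending with a 512-byte footer that opens with the cookie "conectix".

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".RYK"        # constructed placeholder; the article names no extension
VHD_FOOTER_COOKIE = b"conectix"  # every VHD ends with a 512-byte footer opening with this cookie
VHD_FOOTER_SIZE = 512


def snapshot_encrypted(src: Path, backup: Path) -> dict:
    """Copy each encrypted file to `backup` and record its size and SHA-256,
    so a failed decryption run can be retried from untouched ciphertext."""
    backup.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for enc in sorted(src.rglob("*" + ENCRYPTED_SUFFIX)):
        data = enc.read_bytes()
        shutil.copy2(enc, backup / enc.name)
        manifest[enc.name] = {"size": len(data),
                              "sha256": hashlib.sha256(data).hexdigest()}
    (backup / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def vhd_footer_intact(image: bytes) -> bool:
    """A decryptor that drops trailing bytes shifts the footer, so the cookie
    no longer starts exactly 512 bytes before the end of the file."""
    if len(image) < VHD_FOOTER_SIZE:
        return False
    return image[-VHD_FOOTER_SIZE:].startswith(VHD_FOOTER_COOKIE)


def truncated_vhds(decrypted_dir: Path) -> list:
    """Names of decrypted .vhd files whose footer check fails."""
    return [p.name for p in sorted(decrypted_dir.glob("*.vhd"))
            if not vhd_footer_intact(p.read_bytes())]


def demo() -> tuple:
    """Constructed data: one intact VHD and one missing only its final byte."""
    good = b"\x00" * 512 + VHD_FOOTER_COOKIE + b"\x00" * (VHD_FOOTER_SIZE - 8)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("enc", "dec"):
            (root / d).mkdir()
        (root / "enc" / "disk1.vhd.RYK").write_bytes(b"constructed-ciphertext")
        manifest = snapshot_encrypted(root / "enc", root / "backup")
        (root / "dec" / "ok.vhd").write_bytes(good)
        (root / "dec" / "cut.vhd").write_bytes(good[:-1])
        return manifest, truncated_vhds(root / "dec")
```

The footer check is a heuristic for one format only; for other formats the safest signal remains the backup manifest, which lets you restore the original ciphertext and retry with a corrected decryptor.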
