Free decryptor released for Key Group ransomware

Thanks to a group of cybersecurity researchers from the Netherlands, a decryption tool for a widespread ransomware variant is now available for free download.

Experts at EclecticIQ discovered a cryptographic flaw in ransomware operator Key Group’s encryptor, which allowed them to build a decryptor that they then released for free.

The news means that anyone who has fallen victim to this particular ransomware strain can find the script, written in Python, and use it to rescue their encrypted files.

Unsophisticated threat actor

It’s worth noting that this decryptor doesn’t work on all versions of the Key Group ransomware variant, but only on some – built “around August 3rd,” the researchers said. As ransomware evolves and new variants and versions appear, they usually come with different encryption mechanisms, making these decryptors useless. This one will also probably be useless soon, once the crooks pick up on this news and modify their code.

Regardless, the researchers called the group, which appears to be of Russian descent, a “low-sophisticated threat actor.”

Lately, ransomware operators have stopped using encryptors and are focusing entirely on data exfiltration. Apparently developing, maintaining and deploying ransomware is too costly and cumbersome, when the same financial results can be achieved simply by stealing data and threatening to release it into the wild. In addition, the deployment of ransomware, especially on critical infrastructure providers, is hugely disruptive and forces law enforcement to act more quickly.

That doesn’t mean hackers will suddenly stop encrypting files. Ransomware is still one of the most popular cyber-attack methods, with Clop, BlackBasta, LockBit, and others causing hundreds of millions of dollars in damage across both the private and public sectors. Companies in the United States are most often attacked, according to figures from Malwarebytes.

Via: The Register
