1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Free decryptor released for Key Group ransomware

    From TechnologyDaily@1337:1/100 to All on Fri Sep 1 17:15:04 2023
    Free decryptor released for Key Group ransomware

    Date:
    Fri, 01 Sep 2023 16:58:51 +0000

    Description:
    Error allowed cybersecurity pros to create a Key Group ransomware decryptor and save victim's files.

    FULL STORY ======================================================================

    A decryption tool for a widespread ransomware variant is now available to download for free, thanks to a group of cybersecurity researchers from the Netherlands.

    Experts from EclecticIQ discovered a cryptographic error in the encryptor belonging to the Key Group ransomware operator which allowed them to build a decryptor, which they then released for free.

    The news means that everyone who fell victim to this specific ransomware strain can find the script, written in Python, on this link , and use it to salvage their encrypted files. Unsophisticated threat actor

    Its worth mentioning that this decryptor doesnt work on all versions of Key Groups ransomware variant, but only some - built around August 3, the researchers said. As ransomware evolves, and new variants and versions pop
    up, they usually come with different encryption mechanisms, which renders these decryptors useless. This one will probably be useless soon too, once
    the crooks pick up on this news and tweak their code. Read more

    Citrix servers hacked using zero-day exploit


    Hackers are targeting US critical infrastructure using this Citrix
    zero-day


    These are the best malware removal tools around

    In any case, the researchers called the group, which seems to be of Russian origin, a "low-sophisticated threat actor."

    In recent times, ransomware operators have stopped deploying encryptors and are focusing entirely on data exfiltration. Apparently, developing, maintaining, and deploying ransomware is too expensive and too cumbersome, while the same financial results can be achieved by simply stealing data and threatening to release it to the wild. Furthermore, deploying ransomware, especially on critical infrastructure providers, is hugely disruptive and forces law enforcement to act more swiftly.

    That doesnt mean hackers will suddenly stop encrypting files. Ransomware is still one of the most popular cyberattack methods out there, with Clop, BlackBasta, LockBit, and others, causing hundreds of millions of dollars in damages, both in the private, and public sectors. Companies in the United States are most frequently attacked, according to figures from Malwarebytes . Here are the best firewalls to keep your business protected

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/free-decryptor-released-for-key-group-r ansomware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)