1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Kaspersky releases decryption tool for Polyglot ransomware

Discussion in 'Ransomware Decrypters' started by starbuck, Oct 4, 2016.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    If you refuse to pay up, the malware vanishes from your PC -- but leaves everything fully encrypted.

    ccff04abeab4789346127853d6b33352.jpg

    Kaspersky has released a decryption tool for the Polyglot ransomware to assist victims in recovering their files without giving in and paying a fee.

    On Monday, the cybersecurity firm launched the free tool (.ZIP), which is suitable for the Polyglot Trojan which is also known as MarsJoke, a strain which has been linked to attacks on government targets.

    Ransomware is a particularly nasty kind of malware which has hit the headlines over the past year after targeting victims including businesses, hospitals, and universities. What makes the malware strain particularly devastating -- for organizations and the general public alike -- is its ability to take away access to files and content stored on a compromised machine.

    Once ransomware such as MarsJoke, Cerber, or CTB-Locker is downloaded and executed -- often finding its way onto a PC through phishing emails or malicious links -- the ransomware encrypts files and in some cases, full hard drives.

    Once the victim can no longer access their machine, a holding page informs them that they must pay a "fee" in return for a decryption key which will release their content back to them.

    Polyglot infects PCs through spam emails which have malicious RAR archives attached. When infecting a machine, this family of ransomware blocks access to files and then replaces the victim's desktop wallpaper with the ransom demand, which is made in virtual currency Bitcoin.

    Many types of ransomware will simply sit on the machine for the payment to be made.
    However, Polyglot insists on a payment deadline and if the blackmail fails and no money is sent to the operators, the malware will delete itself -- leaving behind a machine with encrypted files and no way to retrieve them.

    Until now, at least.
    Kaspersky's tool will decrypt these machines and unlock user data.

    According to the security firm, although Polyglot looks similar to the severe CTB-Locker ransomware, the malware uses a weak encryption key generator. On a standard home PC, it takes less than a minute to brute-force the full set of possible Polyglot decryption keys -- which gives you an idea of actually how weak the malware is.

    This weakness also provided a path for Kaspersky to exploit to create the decryption tool.

    Anton Ivanov, senior malware analyst at Kaspersky Lab commented:

    If you are suffering from a different type of ransomware, it is worth checking out the No More Ransom project to see which decryption tools are available to you.
    The project is a joint initiative between Kaspersky Lab, the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, and Intel Security, designed to help users recover their data without giving into the cybercriminals and paying up.


    Source:
    http://www.zdnet.com/article/one-mo...tool-for-polyglot-ransomware/#ftag=RSSbaffb68
     
  2. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Cool
     

Share This Page