
Two Free Decrypters Available for WildFire Ransomware

Discussion in 'Ransomware Decrypters' started by starbuck, Aug 26, 2016.

    Intel McAfee & Kaspersky both provide free decryption tools


    Intel McAfee and Kaspersky have published two decrypters that can unlock files encrypted during WildFire ransomware infections.

    Both tools are available for download via the NoMoreRansom website, a collaboration between the two companies, the Dutch police, and the Europol European Cybercrime Centre (EC3).

    WildFire appeared in the spring and targeted only the Netherlands

    WildFire is a ransomware that was first spotted in mid-April, under the name GNL and then Zyklon.
    The ransomware rebranded at the end of May, taking the current WildFire name, which it still uses.

    During June, and later July, WildFire devs started a series of massive spam floods to distribute their ransomware, mostly targeting users living in the Netherlands.

    Security researcher MalwareHunterTeam told Softpedia that WildFire ransomware campaigns continued in the month of August, even if not reported by security vendors as the initial wave of spam.

    Based on data Softpedia received from MalwareHunterTeam, and from a later OpenDNS analysis, we presumed that Russian developers are behind this new ransomware variant.

    Dutch police confiscate WildFire C&C servers

    At the time it was discovered, security researchers said the ransomware wasn't decryptable because it featured a solid encryption scheme.

    Researchers investigating this threat caught a lucky break when the crooks behind WildFire decided to register custom Dutch domains and host servers in the Netherlands.

    "By working together with the police on this case, we had something much better in our hands: The botnetpanel code!" said Kaspersky's Jornt van der Wiel.

    After police confiscated the crooks' servers and gained access to the ransomware's decryption keys, researchers created two free WildFire decrypters.
    Further, because they had access to the C&C server statistics, security researchers concluded that during the last 31 days, WildFire infected 5,309 computers, with 236 users paying the ransom.
    WildFire authors made 136 Bitcoin ($79,000).

    Below is a screenshot of Kaspersky's tool.
    The decrypter created by Intel McAfee is a command-line utility and might be too advanced for non-technical users.



    Source:
    http://news.softpedia.com/news/two-free-decrypters-available-for-wildfire-ransomware-507572.shtml
     
