itman 1,746 Posted Wednesday at 10:48 PM Share Posted Wednesday at 10:48 PM (edited) Quote For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life. But it can get even worse, as some execs who had been infected with Hazard ransomware recently found out. After paying the ransom in exchange for a decryptor to restore the encrypted files, the decryptor did not work. https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/ Edited Wednesday at 10:49 PM by itman Quote Link to comment Share on other sites More sharing options...
Chas4 10 Posted Thursday at 12:12 AM Share Posted Thursday at 12:12 AM https://www.nomoreransom.org/en/decryption-tools.html There is a collection of some decryption tools Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted Thursday at 07:43 PM Author Share Posted Thursday at 07:43 PM (edited) 21 hours ago, Chas4 said: https://www.nomoreransom.org/en/decryption-tools.html There is a collection of some decryption tools If you would have read the full article, the ransomware negotiator the affected organization was using resolved the issue; Quote Whatever the reason, the org couldn't access the locked files, and the Hazard ransomware crew disappeared. Eventually, GuidePoint was able to patch the decryptor binary and then brute-forced 16,777,216 possible values until some crucial missing bytes in the cryptographic process were determined, ultimately producing a working tool for decrypting the files. Edited Thursday at 09:20 PM by itman Quote Link to comment Share on other sites More sharing options...
Chas4 10 Posted Thursday at 09:38 PM Share Posted Thursday at 09:38 PM 1 hour ago, itman said: If you would have read the full article, the ransomware negotiator the affected organization was using resolved the issue; I was just adding another well known collection option for ransomeware decryption run by those in the EU Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted Friday at 01:43 PM Author Share Posted Friday at 01:43 PM (edited) 17 hours ago, Chas4 said: I was just adding another well known collection option for ransomeware decryption run by those in the EU This organization was hit with Hazard ransomware which is a MedusaLocker variant; Quote Yea...that's a MedusaLocker variant. Unfortunately it is secure and there is no way to decrypt files without the criminal's master private key. https://www.bleepingcomputer.com/forums/t/770025/medusal This article is an example of what could happen when not following established procedure when dealing with ransomware criminals. The established procedure is that you demand the attacker prove that his decryption key will work prior to rendering ransom payment. The attacker responds with a key that will decrypt a few files on the infected device/network. Only then should ransom payment be rendered to receive fully operational decryption key; which again isn't advisable. Edited Friday at 02:47 PM by itman Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.