itman, posted September 11 (edited)

Quote:
For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life. But it can get even worse, as some execs who had been infected with Hazard ransomware recently found out. After paying the ransom in exchange for a decryptor to restore the encrypted files, the decryptor did not work.

https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/
Chas4, posted September 12

https://www.nomoreransom.org/en/decryption-tools.html

There is a collection of some decryption tools.
itman, posted September 12 (edited)

21 hours ago, Chas4 said:
https://www.nomoreransom.org/en/decryption-tools.html
There is a collection of some decryption tools.

If you had read the full article, the ransomware negotiator the affected organization was using resolved the issue:

Quote:
Whatever the reason, the org couldn't access the locked files, and the Hazard ransomware crew disappeared. Eventually, GuidePoint was able to patch the decryptor binary and then brute-forced 16,777,216 possible values until some crucial missing bytes in the cryptographic process were determined, ultimately producing a working tool for decrypting the files.
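The 16,777,216 values in the quoted passage are 2^24, i.e. an exhaustive search over three unknown bytes. The program below is an added example, written for this thread; it is not GuidePoint's tool, nor code from the article, and it makes its own assumptions: the victim's file was encrypted with AES-256-CBC, the missing material is the trailing bytes of the key, and the file type has a known header (a constructed "%PDF-" magic) that lets a candidate key be rejected after decrypting a single block. Only the first CBC block is ever decrypted per candidate (P0 = AES_dec(K, C0) XOR IV), which is what makes a 2^24 search practical. The stand-alone run uses two unknown bytes so it finishes in milliseconds; change `unknown` to 3 in `main` to run the 16,777,216-candidate search described in the article.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// aesBlock is the AES block size in bytes.
const aesBlock = 16

// encryptCBC encrypts a whole number of blocks with AES-CBC (used only to build the demo data).
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aesBlock != 0 {
		return nil, errors.New("plaintext must be a multiple of 16 bytes")
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// firstBlockMatches decrypts only the first CBC block under key and reports whether the
// recovered plaintext starts with magic. P0 = AES_dec(K, C0) XOR IV, so one block suffices.
func firstBlockMatches(key, iv, ciphertext, magic []byte) bool {
	block, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	var p0 [aesBlock]byte
	block.Decrypt(p0[:], ciphertext[:aesBlock])
	for i := range p0 {
		p0[i] ^= iv[i]
	}
	return bytes.HasPrefix(p0[:], magic)
}

// recoverKey enumerates every value of the last `unknown` bytes of partialKey (full length,
// tail contents ignored) and returns the first key that yields the expected header,
// together with the number of candidates tried. A longer magic lowers the false-positive
// rate: with 5 known bytes a wrong key passes with probability 2^-40 per candidate.
func recoverKey(partialKey []byte, unknown int, iv, ciphertext, magic []byte) ([]byte, uint64, error) {
	if unknown < 1 || unknown > 4 {
		return nil, 0, errors.New("demo supports 1 to 4 unknown bytes")
	}
	if len(iv) != aesBlock || len(ciphertext) < aesBlock || len(magic) == 0 || len(magic) > aesBlock {
		return nil, 0, errors.New("need a 16-byte IV, at least one ciphertext block and a magic of 1..16 bytes")
	}
	key := make([]byte, len(partialKey))
	copy(key, partialKey)
	total := uint64(1) << (8 * uint(unknown))
	for cand := uint64(0); cand < total; cand++ {
		v := cand // write the candidate into the unknown tail, big-endian
		for j := len(key) - 1; j >= len(key)-unknown; j-- {
			key[j] = byte(v)
			v >>= 8
		}
		if firstBlockMatches(key, iv, ciphertext, magic) {
			found := make([]byte, len(key))
			copy(found, key)
			return found, cand + 1, nil
		}
	}
	return nil, total, errors.New("no candidate produced the expected header")
}

// demoCase constructs the scenario: a 32-byte key, a ciphertext of a fake PDF header, and the
// same key with its last `unknown` bytes zeroed. Returns trueKey, partialKey, iv, ciphertext, magic.
func demoCase(unknown int) ([]byte, []byte, []byte, []byte, []byte) {
	trueKey := make([]byte, 32) // constructed key, not from any real incident
	for i := range trueKey {
		trueKey[i] = byte(i * 7)
	}
	iv := make([]byte, aesBlock)
	for i := range iv {
		iv[i] = byte(i + 1)
	}
	plaintext := make([]byte, 48) // constructed file: PDF-like header, zero padded
	copy(plaintext, []byte("%PDF-1.7 demo header (constructed)"))
	ciphertext, err := encryptCBC(trueKey, iv, plaintext)
	if err != nil {
		panic(err)
	}
	partialKey := make([]byte, len(trueKey))
	copy(partialKey, trueKey)
	for j := len(partialKey) - unknown; j < len(partialKey); j++ {
		partialKey[j] = 0 // the "missing bytes" the decryptor lost
	}
	return trueKey, partialKey, iv, ciphertext, []byte("%PDF-")
}

func main() {
	unknown := 2 // set to 3 for the 2^24 = 16,777,216-candidate search from the article
	trueKey, partialKey, iv, ct, magic := demoCase(unknown)
	key, tries, err := recoverKey(partialKey, unknown, iv, ct, magic)
	if err != nil {
		fmt.Println("recovery failed:", err)
		return
	}
	fmt.Printf("recovered after %d of %d candidates, matches original: %v\n",
		tries, uint64(1)<<(8*uint(unknown)), bytes.Equal(key, trueKey))
}
```

In a real recovery the candidate key would be validated against more than one file before trusting it, since a header check on a single block only proves the first 16 bytes decrypt sensibly; a second file with a different known header closes that gap cheaply.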
Chas4, posted September 12

1 hour ago, itman said:
If you had read the full article, the ransomware negotiator the affected organization was using resolved the issue.

I was just adding another well-known collection option for ransomware decryption run by those in the EU.
itman, posted September 13 (edited)

17 hours ago, Chas4 said:
I was just adding another well-known collection option for ransomware decryption run by those in the EU.

This organization was hit with Hazard ransomware, which is a MedusaLocker variant:

Quote:
Yea...that's a MedusaLocker variant. Unfortunately it is secure and there is no way to decrypt files without the criminal's master private key.
https://www.bleepingcomputer.com/forums/t/770025/medusal

This article is an example of what could happen when not following established procedure when dealing with ransomware criminals. The established procedure is that you demand the attacker prove that his decryption key will work prior to rendering ransom payment. The attacker responds with a key that will decrypt a few files on the infected device/network. Only then should ransom payment be rendered to receive a fully operational decryption key, which again isn't advisable.