
So you paid a ransom demand … and now the decryptor doesn't work


itman


Quote

For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life.

But it can get even worse, as some execs who had been infected with Hazard ransomware recently found out. After paying the ransom in exchange for a decryptor to restore the encrypted files, the decryptor did not work.

https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

Edited by itman

21 hours ago, Chas4 said:

There is a collection of some decryption tools at https://www.nomoreransom.org/en/decryption-tools.html

If you had read the full article, the ransomware negotiator the affected organization was using resolved the issue:

Quote

Whatever the reason, the org couldn't access the locked files, and the Hazard ransomware crew disappeared. Eventually, GuidePoint was able to patch the decryptor binary and then brute-forced 16,777,216 possible values until some crucial missing bytes in the cryptographic process were determined, ultimately producing a working tool for decrypting the files.

Edited by itman
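The GuidePoint recovery quoted above, patching the decryptor and then brute-forcing 16,777,216 values for the missing key bytes, is a known-plaintext search that an incident responder can script once the decryptor's logic is understood. The Go program below is an added example, not GuidePoint's tool and not code from the article. It assumes AES-256-CBC, that exactly three key bytes at hypothetical offsets are unknown (256^3 = 16,777,216, which matches the quoted figure), and that the first eight bytes of the original file are known (a PDF header), so each candidate key is tested by decrypting a single block. The key, IV and ciphertext are constructed inside the program.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// KeyLen is the AES-256 key length assumed by this constructed example.
const KeyLen = 32

// knownPrefix is the known plaintext each candidate is checked against: the
// first 8 bytes of the original file (a PDF header in this constructed case).
// 64 bits of known plaintext against a 2^24 search leaves false matches at ~2^-40.
var knownPrefix = []byte("%PDF-1.7")

// missingPositions are the key byte offsets assumed to be unrecoverable from the
// patched decryptor (hypothetical offsets; the article does not say which bytes).
var missingPositions = []int{5, 17, 29}

// CandidateCount returns how many values a search over n unknown key bytes must try.
// Three unknown bytes give 256^3 = 16,777,216, the figure quoted in the article.
func CandidateCount(missing int) uint64 {
	return uint64(1) << (8 * uint(missing))
}

// decryptFirstBlock decrypts only the first CBC block under a candidate key; one
// block is enough to test the known-plaintext prefix, so the search stays cheap.
func decryptFirstBlock(key, iv, firstBlock []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, firstBlock[:aes.BlockSize])
	return out, nil
}

// RecoverKey fills the missing byte positions of partialKey with every possible
// value (a big-endian counter over the positions) and returns the first key whose
// decryption of firstBlock starts with want, plus the number of attempts made.
func RecoverKey(partialKey []byte, missing []int, iv, firstBlock, want []byte) ([]byte, uint64, error) {
	if len(missing) == 0 || len(missing) > 4 {
		return nil, 0, errors.New("this example searches 1 to 4 missing bytes")
	}
	if len(firstBlock) < aes.BlockSize || len(iv) != aes.BlockSize {
		return nil, 0, errors.New("need one full ciphertext block and a 16-byte IV")
	}
	key := make([]byte, len(partialKey))
	copy(key, partialKey) // never mutate the caller's copy of the partial key
	total := CandidateCount(len(missing))
	for cand := uint64(0); cand < total; cand++ {
		v := cand
		for i := len(missing) - 1; i >= 0; i-- {
			key[missing[i]] = byte(v)
			v >>= 8
		}
		pt, err := decryptFirstBlock(key, iv, firstBlock)
		if err != nil {
			return nil, cand + 1, err
		}
		if bytes.HasPrefix(pt, want) {
			found := make([]byte, len(key))
			copy(found, key)
			return found, cand + 1, nil
		}
	}
	return nil, total, errors.New("no candidate reproduced the known plaintext")
}

// ConstructedSample fabricates the scenario: a full key, the same key with the
// missing positions zeroed (what the analyst actually has), an IV, and the first
// encrypted block of a file that began with the PDF header.
func ConstructedSample() (fullKey, partialKey, iv, firstBlock []byte) {
	fullKey = make([]byte, KeyLen)
	for i := range fullKey {
		fullKey[i] = byte(0xA3 ^ (i * 37))
	}
	// Pin the lost bytes to small values so the demo search ends after ~11k attempts;
	// a real recovery may have to walk most of the 16,777,216 candidates.
	fullKey[5], fullKey[17], fullKey[29] = 0x00, 0x2a, 0x7f

	iv = []byte("constructed-iv16")                       // exactly 16 bytes
	plaintext := []byte("%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1") // one 16-byte block
	block, err := aes.NewCipher(fullKey)
	if err != nil {
		panic(err)
	}
	firstBlock = make([]byte, aes.BlockSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(firstBlock, plaintext)

	partialKey = make([]byte, KeyLen)
	copy(partialKey, fullKey)
	for _, p := range missingPositions {
		partialKey[p] = 0
	}
	return fullKey, partialKey, iv, firstBlock
}

func main() {
	full, partial, iv, firstBlock := ConstructedSample()
	fmt.Printf("search space for %d missing bytes: %d candidates\n",
		len(missingPositions), CandidateCount(len(missingPositions)))
	key, attempts, err := RecoverKey(partial, missingPositions, iv, firstBlock, knownPrefix)
	if err != nil {
		fmt.Println("recovery failed:", err)
		return
	}
	fmt.Printf("recovered after %d attempts, matches original key: %v\n",
		attempts, bytes.Equal(key, full))
}
```

Two points a practitioner should take from this: the known-plaintext check has to carry more bits than the search space (64 bits against 2^24 candidates here), otherwise the search stops on a false match and produces a "decryptor" that corrupts files; and the search is only possible because the rest of the key schedule and cipher mode were recovered from the decryptor binary, which is why the article says GuidePoint had to patch the binary first.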

1 hour ago, itman said:

If you had read the full article, the ransomware negotiator the affected organization was using resolved the issue:

I was just adding another well-known collection option for ransomware decryption run by those in the EU.


17 hours ago, Chas4 said:

I was just adding another well-known collection option for ransomware decryption run by those in the EU.

This organization was hit with Hazard ransomware, which is a MedusaLocker variant:

Quote

Yea...that's a MedusaLocker variant. Unfortunately it is secure and there is no way to decrypt files without the criminal's master private key.

https://www.bleepingcomputer.com/forums/t/770025/medusal

This article is an example of what can happen when established procedure is not followed when dealing with ransomware criminals. The established procedure is that you demand the attacker prove that his decryption key will work prior to rendering ransom payment. The attacker responds with a key that will decrypt a few files on the infected device/network. Only then should ransom payment be rendered to receive the fully operational decryption key, which again isn't advisable.

Edited by itman