- Turkish programmer Utku Sen managed to break the encryption of B, a ransomware strain built from his own open-source code. In August 2015, Sen published the source code of Hidden Tear, a ransomware program intended strictly for educational purposes. Because he foresaw that criminals might abuse the proof of concept, he deliberately built a weakness into Hidden Tear so that infected users could recover their data. According to the researcher, ransomware derived from it carries a backdoor that can be exploited to recover the encrypted files.
- Fabian Wosar of Emsisoft has cracked the LeChiffre ransomware. This strain compromised the computer networks of several Indian banks as well as a pharmaceutical company, causing the victims million-dollar losses. Thankfully, a decrypter is now available to affected users, and Wosar is the one to thank for it. According to the researcher, this ransomware was designed by rookies, whom Wosar called "the scourge of all ransomware authors." It took him less than a day to crack the crypto. Anyone infected can download the decrypter for LeChiffre version 2.6 from Emsisoft's official website. Those who need help running the tool can ask in the dedicated Bleeping Computer support topic; Wosar monitors the thread and gladly answers questions.
- Shortcomings in TeslaCrypt's encryption implementation allow victims to decrypt files carrying the following extensions: .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc and .vvv. The flaw lies in the way the encryption keys are handled, not in the cipher itself. A member of the Bleeping Computer community came up with a technique to exploit it; all a victim needs to do is download the TeslaDecoder tool and follow simple directions. The tool is user-friendly, so victims need not be tech-savvy to recover their decryption key. If problems occur along the way, users can post the details in the TeslaDecoder Support Topic.
- NanoLocker ransomware can be cracked as well. A Canadian security analyst (@cyberclues) discovered a weakness in its code and wrote a decrypter. NanoLocker's encryption routine is CPU-intensive, so the computer slows down noticeably while it runs. If the user notices the slowdown and reboots the PC or puts it to sleep, the Trojan stops encrypting and leaves its configuration file in its current state, and this config file is where the AES encryption key is stored. The researcher wrote a program that automatically locates the file and retrieves the key to decrypt the frozen data. Source code for the decrypter is available on GitHub and Google Drive. The expert concedes that capturing the key before encryption completes may be difficult on personal computers, which hold relatively few files, so the encryption finishes quickly. On enterprise networks the task is less challenging, because NanoLocker needs much more time to encrypt a larger volume of files.
- DMA Locker isn't foolproof either. This new ransomware was first detected in Poland. Malwarebytes researchers analyzed several DMA Locker samples and concluded that it was poorly designed, most likely by an inexperienced beginner. They found that the ransomware relies on a custom cryptographic algorithm, even though its warning screen claims a mix of AES-256 and RSA-2048. The code was also easy to reverse engineer. A major flaw is that the DMA Locker encryption key is embedded in one of its binaries, so anyone with a sample can extract it. Another failing is that the decryption routine is built into the ransomware itself.
- Researchers at Cylance managed to retrieve the encryption password for a variant of the Anti-Child Porn Spam Protection ransomware (part of the ACCDFISA family). The ransomware packed every file into a RAR archive whose filename contained the recovery instructions. Since finding weaknesses in the crypto implementation appeared impracticable, the Cylance experts set out to recover the password instead. Attacking the pseudo-random number generator that produced it eventually succeeded: the researchers found the password within several days.
- The spread of ransomware is pushing security firms to respond. While signature-based anti-virus has been playing catch-up with these threats, vendors have started adopting more sophisticated approaches, behavioral detection being a good example. Emsisoft published a video showing its product detecting 20 ransomware samples. Other companies are shipping anti-ransomware features as well; Malwarebytes Anti-Ransomware, for instance, is currently in beta.
- Criminals are also trying to extort ransoms outside file-encryption scenarios. Several popular premium email providers were hit by severe DDoS attacks accompanied by demands for payment to make the attacks stop. Many of the targeted companies publicly refused to pay. Public statements of this kind encourage others to refuse as well and reinforce the point that giving in to extortionists' demands is a bad idea.
- Another encouraging fact is that not all ransomware is dangerous. Many of these infections are primitive browser lockers: web pages that cannot be closed by normal means and that may imitate a genuine FBI warning demanding payment. Never pay in these circumstances; no files have been encrypted, and you can simply close the browser by terminating its process in Task Manager. Unfortunately, plenty of people are unfamiliar with such simple remedies, so raising security awareness should help.
- The Online Trust Alliance (OTA) published its 2016 Data Protection and Breach Readiness Guide. According to the report, 91 percent of the data breaches in 2015 could easily have been prevented. Many of them resulted from human error or a lack of basic security controls in organizations; timely software patching and basic employee training would have averted them.
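The ACCDFISA item above says the password was recovered by attacking its pseudo-random number generator. The Python example below is added here to show the general shape of such an attack on a constructed toy; it is not Cylance's tool, not code from any real sample, and says nothing about how ACCDFISA actually seeded its generator. The toy derives an archive password from a PRNG seeded with the infection timestamp, and the defender recovers it by enumerating every seed within a window around the timestamps visible on the victim's files, checking each candidate against a verifier that stands in for the archive's own password check. The alphabet, password length, timestamps, window size and the SHA-256 verifier are all assumptions.

```python
import hashlib
import random
import secrets
import string

# Added illustration of a seed-enumeration attack on a weakly seeded PRNG.
# Everything below is constructed; it is not ACCDFISA code or Cylance's tool.

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LEN = 16


def password_from_seed(seed: int) -> str:
    """Toy 'ransomware' password generator: a Mersenne Twister seeded with a
    Unix timestamp (seconds). Same seed, same password, on any machine."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def password_verifier(password: str) -> bytes:
    """Stand-in for the archive's built-in password check (an encrypted RAR
    header either decrypts correctly or it does not). SHA-256 is assumed here
    purely so the search has a cheap, offline yes/no oracle."""
    return hashlib.sha256(password.encode()).digest()


def recover_password(verifier: bytes, approx_time: int, window: int):
    """Enumerate every seed within +/- window seconds of a timestamp the
    defender can observe (e.g. the mtime of the first archive the malware
    wrote) and return (seed, password) for the first candidate that verifies,
    or None if no seed in the window reproduces the password."""
    for seed in range(approx_time - window, approx_time + window + 1):
        candidate = password_from_seed(seed)
        if password_verifier(candidate) == verifier:
            return seed, candidate
    return None


def strong_password() -> str:
    """What the malware author should have used: the OS CSPRNG. There is no
    seed to guess, so recover_password() has nothing to enumerate."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PASSWORD_LEN))


def demo():
    """Simulate one infection and the defender's recovery. Constructed values."""
    infection_time = 1453900000          # assumed infection timestamp (Jan 2016)
    true_password = password_from_seed(infection_time)
    verifier = password_verifier(true_password)
    # The defender's timestamp estimate is off by 40 minutes; a +/- 2 h window
    # is 14,401 candidates and finishes in about a second.
    found = recover_password(verifier, infection_time + 2400, 2 * 3600)
    # A CSPRNG-generated password has no seed to find in that window.
    missed = recover_password(password_verifier(strong_password()),
                              infection_time + 2400, 2 * 3600)
    return true_password, found, missed


if __name__ == "__main__":
    pw, found, missed = demo()
    print("true password            :", pw)
    print("recovered (seed, pw)     :", found)
    print("CSPRNG password recovered:", missed is not None)
```

The search space is the real lesson: a 16-character password over 62 symbols is hopeless to brute-force directly, but if it is a deterministic function of a 32-bit or time-derived seed, the attacker only has to enumerate seeds, and any timestamp the malware leaves behind (file mtimes, ransom-note creation time) shrinks that range further. The same reasoning applies to any ransomware whose key or password comes from a seeded, non-cryptographic generator.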