Ransomware Gangs' Slow Decryptors Prompt Victims to Seek Alternatives

josephine

Bleeping Computer: “Ransomware gangs' slow decryptors prompt victims to seek alternatives” - By Lawrence Abrams - May 28, 2021



Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim's network.

The first was Colonial Pipeline, which paid a $4.4 million ransom for a decryptor after being attacked by the DarkSide ransomware operation.

However, the decryptor was so slow that the company resorted to restoring from backups.

“Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said,” reported Bloomberg.

The more recent victim is HSE, the national healthcare system of Ireland, which was hit by a Conti ransomware attack but refused to pay a ransom.

Likely realizing they had made a mistake by targeting a government agency, the attackers released a free decryptor for the attack.

However, testing the decryptor found it too slow, so HSE worked with New Zealand cybersecurity firm Emsisoft to use their decryptor, which is allegedly twice as fast.

Emsisoft's Universal Decryptor
After learning about Emsisoft's decryptor, BleepingComputer reached out to Emsisoft CTO Fabian Wosar to learn more about how HSE was using it.

While Wosar refused to share information about their work with HSE, he explained that they created their 'Universal Decryptor' after seeing that ransomware operations do a horrible job when decrypting files.

For example, Ryuk ransomware's decryptor was known to have problems decrypting large files, leading to data corruption. Similarly, a bug in Babuk Locker's decryptor caused data loss when decrypting ESXi servers.

In addition to the bugs, Wosar told BleepingComputer that ransomware operations' decryptors are "atrociously slow", which makes them a lot less effective than restoring files from backups.


While Emsisoft's decryptor was designed for data safety, it is also much faster than ransomware gangs' decryptors. Since the tool comes from a well-known and respected cybersecurity company, it also eliminates the need to check the threat actor's decryptor for malicious behavior...
