TrustWave researchers have built a decryptor for BlackByte victims and released it for free.
Researchers found that BlackByte ransomware reused the same AES encryption key for most victims, so a decryptor built around that key can unlock all files or machines encrypted with it.
Unlock Your Systems For Free
Having started operations in July this year, BlackByte is a new ransomware group that targets mail servers, security solutions, etc., and disables them before encrypting a device.
Ransomware operations are built around an encryption/decryption module: the operators choose a target, send a malicious file carrying their encryption keys, and get the target to open or run it so that the machine is infected. Once it runs, it uses a public encryption key (for example, an RSA key) to lock the files or system and appends it to the respective file or system.
These can then only be unlocked with the corresponding private key, which is generated during the encryption process. That key is held by the ransomware group and made available only after the victim pays a ransom.
TrustWave researchers discovered that BlackByte ransomware downloads a “forest.png” file on every target device. The file is actually an AES encryption key used to encrypt the target’s system. Because BlackByte used the same “forest.png” on all victims’ systems, the researchers built a single decryptor from it that works for all of them.
They have now posted it on a GitHub page, where anyone can inspect and download it. Victims must compile the source code themselves before using it. While it is free to use, experts warned that BlackByte may have used rotated keys for a few encrypted systems, and using the wrong decryptor may break the whole system.
The public release of a free decryptor didn’t go unnoticed, though: BlackByte acknowledged it and posted a warning on its darknet website, as follows:
“We have seen in some places that there is decryption for our ransom. we would not recommend you to use that. because we do not use only 1 key. if you will use the wrong decryption for your system you may break everything, and you won’t be able to restore your system again. we just want to warn you, if you do decide to use that, it’s at your own risk.”
So, it’s recommended to back up your files before proceeding with TrustWave’s decryptor.
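One way to follow that advice, as an added example that is not from TrustWave's decryptor or the original article: back up each encrypted file, decrypt into a new file, and keep the output only if it starts with a known file signature. The `toy_cipher` XOR routine, the `.locked` extension, and the keys are constructed stand-ins (assumptions); the real tool uses AES.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Optional

# Leading bytes of a few common file formats, used as a plausibility check.
MAGIC = (b"%PDF-", b"\x89PNG\r\n\x1a\n", b"PK\x03\x04", b"\xff\xd8\xff")

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def toy_cipher(data: bytes, key: bytes) -> bytes:
    # Stand-in for the real decryptor (assumption): repeating-key XOR, not AES.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def safe_decrypt(enc: Path, backup_dir: Path,
                 decrypt: Callable[[bytes], bytes]) -> Optional[Path]:
    """Back up the encrypted file, then keep the decrypted output only if it
    starts with a known file signature. Returns None when the key looks wrong."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    backup = backup_dir / enc.name
    shutil.copy2(enc, backup)
    if sha256(backup) != sha256(enc):
        raise IOError(f"backup of {enc} does not match the original")
    plain = decrypt(enc.read_bytes())
    if not plain.startswith(MAGIC):
        return None  # probably the wrong key: encrypted original left untouched
    out = enc.with_suffix("")  # drop the appended extension
    out.write_bytes(plain)     # written beside the original, never over it
    return out

def demo():
    # Constructed sample data and keys, for illustration only.
    right_key, wrong_key = b"key-A-constructed", b"other-constructed"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        enc = root / "report.pdf.locked"
        enc.write_bytes(toy_cipher(b"%PDF-1.7 constructed sample", right_key))
        before = sha256(enc)
        miss = safe_decrypt(enc, root / "backup", lambda d: toy_cipher(d, wrong_key))
        intact = sha256(enc) == before
        hit = safe_decrypt(enc, root / "backup", lambda d: toy_cipher(d, right_key))
        return miss, intact, hit.name, hit.read_bytes()[:5]

if __name__ == "__main__":
    print(demo())
```

The signature check only covers formats with a fixed header; plain-text files have none and need a manual spot check against the backup.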