This badly made ransomware can’t decrypt your files, even if you pay the ransom

Victims of a recently discovered form of ransomware are being warned not to pay the ransom demand, because the ransomware cannot decrypt files and instead destroys them.

Coded in Python, Cryptonite ransomware first appeared in October as part of a freely downloadable open-source toolkit, available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks considered the most common mode of delivery.

But analysis of Cryptonite by cybersecurity researchers at Fortinet has found that the ransomware only has “barebones” functionality and offers no way to decrypt files at all, even if a ransom is paid.

Instead, Cryptonite effectively acts as wiper malware, destroying the encrypted files and leaving no possibility of retrieving the data.

But rather than this being a deliberately malicious act of destruction by design, researchers suggest that Cryptonite does this because the ransomware is poorly put together.

A basic design and what is described as a “lack of quality assurance” mean that the ransomware does not work properly: a flaw in the way it is put together means that if Cryptonite crashes or is simply closed, there is no way to recover the encrypted files.

There is also no way to run it in decryption-only mode, so every time the ransomware is executed, everything is re-encrypted with a different key. This means that even if there were a way to restore the files, the unique key probably wouldn’t work, leaving no way to restore the encrypted data.

“This example shows how a ransomware’s weak architecture and programming can quickly turn it into a wiper that disallows data recovery,” said Gergely Révay, security researcher at Fortinet’s FortiGuard Labs.

“While we often complain about the increasing sophistication of ransomware samples, we also see that oversimplification and a lack of quality assurance can also lead to significant problems,” he added.

It is the victim of the ransomware attack who feels these problems, as they have no means of restoring their network, even if they have paid a ransom.

The case of Cryptonite ransomware is also a reminder that paying a ransom is never a guarantee that cyber criminals will provide a decryption key, or that it will work properly.

Cyber agencies, including CISA, the FBI, and the NCSC, advise against paying the ransom because it only serves to encourage cybercriminals, especially if they can obtain ransomware at a low cost or for free.

The somewhat good news is that it’s now harder for wannabe cybercriminals to get their hands on Cryptonite, as the original source code has been removed from GitHub.

In addition, the simple nature of the ransomware also means that it is easy for antivirus software to detect, so it is recommended to install antivirus software and keep it up to date.

