Free decryptor released for Key Group ransomware

News
By Sead Fadilpašić
published

Error allowed cybersecurity pros to create a Key Group ransomware decryptor

ID theft
Image credit: Pixabay (Image credit: Future)

A decryption tool for a widespread ransomware variant is now available to download for free, thanks to a group of cybersecurity researchers from the Netherlands.

Experts from EclecticIQ discovered a cryptographic error in the encryptor belonging to the Key Group ransomware operator which allowed them to build a decryptor, which they then released for free. 

The news means that everyone who fell victim to this specific ransomware strain can find the script, written in Python, on this link, and use it to salvage their encrypted files. 

Unsophisticated threat actor

It’s worth mentioning that this decryptor doesn’t work on all versions of Key Group’s ransomware variant, but only some - built “around August 3”, the researchers said. As ransomware evolves, and new variants and versions pop up, they usually come with different encryption mechanisms, which renders these decryptors useless. This one will probably be useless soon too, once the crooks pick up on this news and tweak their code. 

Read more

> Citrix servers hacked using zero-day exploit

> Hackers are targeting US critical infrastructure using this Citrix zero-day

> These are the best malware removal tools around

In any case, the researchers called the group, which seems to be of Russian origin, a "low-sophisticated threat actor."

In recent times, ransomware operators have stopped deploying encryptors and are focusing entirely on data exfiltration. Apparently, developing, maintaining, and deploying ransomware is too expensive and too cumbersome, while the same financial results can be achieved by simply stealing data and threatening to release it to the wild. Furthermore, deploying ransomware, especially on critical infrastructure providers, is hugely disruptive and forces law enforcement to act more swiftly. 

That doesn’t mean hackers will suddenly stop encrypting files. Ransomware is still one of the most popular cyberattack methods out there, with Clop, BlackBasta, LockBit, and others, causing hundreds of millions of dollars in damages, both in the private, and public sectors. Companies in the United States are most frequently attacked, according to figures from Malwarebytes

Via: The Register

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.