
Decryption Tool Developed by Talos for PyLocky Ransomware


A free decryption tool for recovering files encrypted by the PyLocky ransomware has been released by Cisco’s Talos Intelligence Group. PyLocky, which is written in Python, masquerades as a variant of the Locky ransomware.

According to a statement from Talos, there is one requirement: the tool can only be used in cases where the infected machine’s initial PyLocky command-and-control (C2) traffic was captured.

“If the initial C2 traffic has not been captured, our decryption tool will not be able to recover files on an infected machine. This is because the initial callout is used by the malware to send the C2 servers information that it uses in the encryption process,” said researcher Mike Bautista, who developed the tool.

When PyLocky runs on an infected machine, it collects information about the machine using a WMI wrapper and generates a random user ID and password.

The ransomware also generates a random initialization vector (IV), which is base64-encoded and sent to the C2 server along with the system information collected by PyLocky.

Bautista explained that after obtaining the path of every file on the system, the malware calls the encryption algorithm, passing it the IV and password:

“Each file is first base64-encoded before it is encrypted. The malware appends the extension ‘.lockedfile’ to each file it encrypts – for example, the file ‘picture.jpg’ would become ‘picture.jpg.lockedfile’. The original file is then overwritten with the attacker’s ransom note.”
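The following Python sketch is an added illustration, not Talos’s tool or PyLocky’s code, of why recovery depends on the captured callout: the IV is pulled out of the base64 field of a constructed C2 message, the file is decrypted with a stand-in keystream cipher (assumed; the article does not name the cipher PyLocky uses), base64-decoded, and its ‘.lockedfile’ suffix stripped. The callout layout, field names and cipher are assumptions; a wrong IV or password is caught because the decrypted bytes are not valid base64.

```python
import base64
import hashlib
import hmac

EXT = ".lockedfile"

def keystream(password: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode). This is an assumed
    placeholder for illustration only, not the cipher PyLocky actually uses."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(password, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def parse_callout(callout: bytes) -> tuple[bytes, bytes]:
    """Pull the IV and password out of a captured callout. The layout
    (key=value pairs joined by '&', IV base64-encoded) is a constructed
    assumption; only the base64-encoded IV itself is described in the article."""
    fields = dict(kv.split(b"=", 1) for kv in callout.split(b"&"))
    return base64.b64decode(fields[b"iv"]), fields[b"password"]

def lock_file(plaintext: bytes, password: bytes, iv: bytes) -> bytes:
    """Test fixture only: reproduces the described order of operations
    (base64-encode, then encrypt) so recover_file can be exercised offline."""
    encoded = base64.b64encode(plaintext)
    return xor_bytes(encoded, keystream(password, iv, len(encoded)))

def recover_file(locked_name: str, ciphertext: bytes, callout: bytes) -> tuple[str, bytes]:
    """Reverse the process: decrypt with the IV/password from the callout,
    base64-decode, and strip the '.lockedfile' suffix. A mismatched IV or
    password yields bytes that are not valid base64, which is reported
    instead of silently writing garbage over the victim's data."""
    if not locked_name.endswith(EXT):
        raise ValueError(f"{locked_name!r} does not carry the {EXT} extension")
    iv, password = parse_callout(callout)
    encoded = xor_bytes(ciphertext, keystream(password, iv, len(ciphertext)))
    try:
        plaintext = base64.b64decode(encoded, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("decrypted data is not base64: callout IV/password do not match") from exc
    return locked_name[: -len(EXT)], plaintext
```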

He has asked victims not to pay any ransom to the developers of PyLocky, because the prospects of recovering files from such malware by paying are bleak.
