Broken Ransomware Permits to Retrieve Locked Data

ZDNet.com published news on 10th April, 2015 quoting experts as saying "a new thread of ransomware has been cracked permitting victims to avoid payment and get access to their bolted data."

The ransomware dubbed Scraper which is initially called 'Torlocker' was given the name as Trojan-Ransom.Win32.Scrape. The Scraper first appeared in an attack against Japanese users during last October.

The malware encrypts the office documents, audio and video files, archives, images, backup copies, databases, certificates, virtual machines encryption keys and other files on all hard and network drives. It also deletes all recovery points of the system. Later the Scraper appeared in English language demanding a ransom amount of ($300 or more payable in Bitcoin or UKash) to decrypt the encrypted documents or files.

The files of the user are encrypted with AES-256 with one-time key generated randomly; a separate encryption key is created for each file.

To boost the user to pay ransom amount to owners of Trojan, the Trojan threatens to remove the private key which is required to decrypt the files in case the user was not able to send money within a stipulated time.

According to security firm Kaspersky, the Scraper ransomware has a fault which means that in around 70% cases, decryption of files is possible.

Theregister.co.uk published news on 10th April, 2015 stating that Kaspersky Labs does not claim to know about the wrong process though other experts have their own theories but in any case, it is clear that mistakes have been made otherwise recovery would not have been possible.

Unfortunately, ransomware has become a renowned method to collect money from victims who unintentionally download the ransomware. The fear factor arises from ransomware frequently concealing as law implementing agencies and contending that the victim has been watching illegal content or similar and a set time can be frightening forcing a victim to pay ransom rather than lose his files.

A new variant of Cryptolocker ransomware targeted gamers in March. It is dubbed as TeslaCrypt and strain affects data files for games dispersed on hijacked websites and employs the Angler exploit kit to lock machines and demand ransom.

» SPAMfighter News - 4/20/2015