Rhysida Ransomware Cracked & Decrypted

Uploaded on 2024-02-22 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ransomware is malicious software that is a prominent global cyber security threat. Typically, ransomware encrypts data on a system, rendering the victim unable to decrypt it without the attacker’s private key. Now, Cyber security experts have discovered a vulnerability in Rhysida ransomware that lets them rebuild encryption keys and unscramble documents ciphered by the infamous ransomware.

Security researchers from South Korean Kookmin University,  have identified a vulnerability in the infamous ransomware which provides a way for encrypted files to be unscrambled. 

Rhysida which is known to share overlaps with another ransomware crew called Vice Society, leverages a tactic known as double extortion to apply pressure on victims into paying up by threatening to release their stolen data. Once on a victim's Windows PC, Rhysida malware locates the documents it wishes to scramble, compiles them into a list, and fires up some simultaneous threads to perform that encryption. 

The researchers have described how they exploited an implementation flaw in Rhysida’s code to regenerate its encryption key. 

"Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data... However, an implementation vulnerability existed that enabled us to regenerate the internal state of the random number generator at the time of infection... We successfully decrypted the data using the regenerated random number generator. To the best of our knowledge, this is the first successful decryption of Rhysida ransomware." 

As a consequence of this work, a Rhysida ransomware recovery tool has been developed and is being distributed to the general public through the Korea Internet and Security Agency (KISA). English language instructions for using the decryption tool have also been made available.

The Rhysida decryptor is just the latest in a line of ransomware recovery tools that have appeared in recent years, but there is a problem. Knowledge of the the researchers' publication of their findings and the  availability of a ransomware recovery tool will  alert the hackers who developed Rhysida about the vulnerability and motivate them to fix it.

Ransomware researchers have a dilemma - if they find a flaw in a ransomware that allows them to decrypt victims' data, they have to consider carefully the consequence of making it more widely known, as announcing the method for recovery and providing a tool will only help the hackers to respond.

KISA:      Arxix:     BitDefender:     Hacker News:    The Register:       Tripwire:

Image: unsplash

You Might Also Read: 

What Lessons Have We Learnt From Recent Ransomware Group Attacks?:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Iranian Spy Ship Hacked
The Surge In Ransomware & AI Defence Innovations »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Cyber Defense Agency (CDA)

Cyber Defense Agency (CDA)

Cyber Defense Agency is a premier professional services firm specializing in cyber security, computer network defense, and information security.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

Nyx Technology

Nyx Technology

Nyx Technology is your dedicated partner in navigating the intricate world of cyber security, providing you with cutting-edge threat intelligence to safeguard your digital assets.