Rhysida Ransomware Cracked & Decrypted

Ransomware is malicious software that is a prominent global cyber security threat. Typically, ransomware encrypts data on a system, rendering the victim unable to decrypt it without the attacker’s private key. Now, Cyber security experts have discovered a vulnerability in Rhysida ransomware that lets them rebuild encryption keys and unscramble documents ciphered by the infamous ransomware.

Security researchers from South Korean Kookmin University,  have identified a vulnerability in the infamous ransomware which provides a way for encrypted files to be unscrambled. 

Rhysida which is known to share overlaps with another ransomware crew called Vice Society, leverages a tactic known as double extortion to apply pressure on victims into paying up by threatening to release their stolen data. Once on a victim's Windows PC, Rhysida malware locates the documents it wishes to scramble, compiles them into a list, and fires up some simultaneous threads to perform that encryption. 

The researchers have described how they exploited an implementation flaw in Rhysida’s code to regenerate its encryption key. 

"Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data... However, an implementation vulnerability existed that enabled us to regenerate the internal state of the random number generator at the time of infection... We successfully decrypted the data using the regenerated random number generator. To the best of our knowledge, this is the first successful decryption of Rhysida ransomware." 

As a consequence of this work, a Rhysida ransomware recovery tool has been developed and is being distributed to the general public through the Korea Internet and Security Agency (KISA). English language instructions for using the decryption tool have also been made available.

The Rhysida decryptor is just the latest in a line of ransomware recovery tools that have appeared in recent years, but there is a problem. Knowledge of the the researchers' publication of their findings and the  availability of a ransomware recovery tool will  alert the hackers who developed Rhysida about the vulnerability and motivate them to fix it.

Ransomware researchers have a dilemma - if they find a flaw in a ransomware that allows them to decrypt victims' data, they have to consider carefully the consequence of making it more widely known, as announcing the method for recovery and providing a tool will only help the hackers to respond.

KISA:      Arxix:     BitDefender:     Hacker News:    The Register:       Tripwire:

Image: unsplash

You Might Also Read: 

What Lessons Have We Learnt From Recent Ransomware Group Attacks?:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Iranian Spy Ship Hacked
The Surge In Ransomware & AI Defence Innovations »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Hardenite

Hardenite

Hardenite solution helps R&D, DevOps and IT teams to continuously manage security risks and hardening efforts of any Linux OS – based product, throughout the product life cycle.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

Data Privacy Office (DPO) - Belarus

Data Privacy Office (DPO) - Belarus

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.

Sherweb

Sherweb

Sherweb are a marketplace of leading cloud solutions and value-added services delivered by a team of passionate experts invested in MSP growth.