Rhysida Ransomware Cracked & Decrypted

Ransomware is malicious software and a prominent global cyber security threat. Typically it encrypts data on a system, leaving the victim unable to decrypt it without a key held only by the attacker. Now cyber security researchers have found a vulnerability in Rhysida ransomware that lets them rebuild the encryption keys and decrypt files encrypted by the infamous ransomware.

Security researchers from Kookmin University in South Korea have identified a vulnerability in the ransomware that provides a way to recover encrypted files.

Rhysida, which is known to overlap with another ransomware crew called Vice Society, uses a tactic known as double extortion to pressure victims into paying, threatening to release their stolen data if they do not. Once on a victim's Windows PC, the Rhysida malware locates the files it intends to encrypt, compiles them into a list, and starts several concurrent threads to carry out the encryption.

The researchers have described how they exploited an implementation flaw in Rhysida’s code to regenerate its encryption key. 

"Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data... However, an implementation vulnerability existed that enabled us to regenerate the internal state of the random number generator at the time of infection... We successfully decrypted the data using the regenerated random number generator. To the best of our knowledge, this is the first successful decryption of Rhysida ransomware." 
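The flaw the researchers describe is that a generator which is cryptographically sound in itself becomes useless if its internal state can be reconstructed from something the defender can recover. The following is an added example, not code from the researchers, KISA or the ransomware: a hypothetical encryptor seeds its generator from the infection timestamp, and the defender walks the window of plausible timestamps, regenerates the generator state for each, and tests the derived key against a known plaintext prefix. The page does not say which generator or seed source Rhysida actually used, so the HMAC-SHA256 generator, the SHA-256 keystream cipher, the timestamp seed, the order in which key and nonce are drawn, the one-hour window and the PDF magic are all assumptions made for the illustration.

```python
import hashlib
import hmac
import struct


class SeededDrbg:
    """Deterministic generator: HMAC-SHA256 keyed from a 64-bit seed, run in
    counter mode. A hypothetical stand-in for whatever CSPRNG the malware
    used, not Rhysida's generator; the only weakness modelled here is that
    the seed is derived from a timestamp."""

    def __init__(self, seed: int) -> None:
        self.key = hashlib.sha256(struct.pack("<Q", seed)).digest()
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hmac.new(self.key, struct.pack("<Q", self.counter), hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256(key || nonce || block index) as keystream.
    A stand-in for real AES-CTR/ChaCha-style encryption; encryption and
    decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack("<Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def derive_file_key(seed: int) -> tuple[bytes, bytes]:
    """Key material as the hypothetical encryptor draws it: a 32-byte key,
    then a 16-byte nonce, pulled from the generator in that order (assumed)."""
    drbg = SeededDrbg(seed)
    return drbg.read(32), drbg.read(16)


def encrypt_file(plaintext: bytes, infection_time: int) -> bytes:
    """Attacker side: the generator is seeded from the infection timestamp."""
    key, nonce = derive_file_key(infection_time)
    return keystream_xor(key, nonce, plaintext)


def recover_key(ciphertext: bytes, known_prefix: bytes, t_low: int, t_high: int):
    """Defender side: enumerate candidate seeds across the window in which the
    infection is known to have happened, regenerate the generator state for
    each, and test the derived key against a known plaintext prefix such as a
    file magic. Returns (seed, key, nonce), or None if no seed in the window
    reproduces the prefix."""
    head = ciphertext[:len(known_prefix)]
    for t in range(t_low, t_high + 1):
        key, nonce = derive_file_key(t)
        if keystream_xor(key, nonce, head) == known_prefix:
            return t, key, nonce
    return None


# Constructed sample input (not a real victim file).
PDF_MAGIC = b"%PDF-1.7\n"
SAMPLE = PDF_MAGIC + b"constructed sample document body, not a real file\n"
INFECTION_TIME = 1_700_000_000  # constructed Unix timestamp


def demo() -> tuple[int, bytes]:
    ciphertext = encrypt_file(SAMPLE, INFECTION_TIME)
    # The defender only knows the infection happened within about an hour
    # (from EDR telemetry or file mtimes), so roughly 3,600 seeds are tried.
    found = recover_key(ciphertext, PDF_MAGIC, INFECTION_TIME - 1800, INFECTION_TIME + 1800)
    if found is None:
        raise RuntimeError("seed not in window")
    seed, key, nonce = found
    return seed, keystream_xor(key, nonce, ciphertext)


if __name__ == "__main__":
    seed, plaintext = demo()
    print(f"recovered seed {seed}, plaintext {plaintext!r}")
```

Two practical points the toy makes visible. First, the generator's strength is irrelevant: HMAC-SHA256 output is indistinguishable from random, yet once the seed space is a few thousand timestamps the key falls to a loop. Second, the known-prefix check is cheap to make reliable: with a 9-byte magic and a few thousand candidates the chance of a false match is negligible, though a real recovery tool would verify the whole file rather than the header. Against a real sample the work is in reversing exactly which generator the malware uses, what it seeds from, and the order in which it draws key material; get any of those wrong and the regenerated state will not match.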

As a consequence of this work, a Rhysida ransomware recovery tool has been developed and is being distributed to the general public through the Korea Internet and Security Agency (KISA). English language instructions for using the decryption tool have also been made available.

The Rhysida decryptor is just the latest in a line of ransomware recovery tools to appear in recent years, but there is a problem. The publication of the researchers' findings and the availability of a recovery tool will alert the criminals who develop Rhysida to the vulnerability and motivate them to fix it; once they do, files encrypted by later builds will no longer be recoverable with this tool.

Ransomware researchers face a dilemma: if they find a flaw in a ransomware strain that allows victims' data to be decrypted, they have to weigh carefully the consequences of making it widely known, since announcing the recovery method and publishing a tool also tells the attackers exactly what to fix.

Sources: KISA, arXiv, BitDefender, Hacker News, The Register, Tripwire

Image: unsplash
