Decrypt Key Group Ransomware

Even ransomware operators make mistakes, and in the case of the Key Group ransomware a cryptographic error allowed a team of security researchers to develop and release a decryption tool that restores the encrypted files.

But the decryptor only works for a specific version of the ransomware built around August 3, according to threat intelligence firm EclecticIQ, which spotted the malware developers' mistakes and exploited them to build a recovery tool in Python.

It's available for free: the EclecticIQ team published the Python script on Thursday in a report on the Russian-speaking gang. The script itself is reproduced in Appendix A of that report.

If you are a victim of Key Group ransomware, read the instructions carefully. With luck, the gang will not notice that the decryption tool is out and will not rewrite their code.

“Key Group's ransomware uses encryption implemented in C#, using the RijndaelManaged class, which is a symmetric encryption algorithm,” says EclecticIQ researcher Arda Büyükkaya.

It encrypts victims' data using AES in CBC mode with a fixed password and a fixed salt, Büyükkaya said. That fixed password and salt is where the gang slipped up: the key and IV derived from them are identical in every infection, so anyone who recovers them from a sample can write a decryption routine that works for every file this build encrypted.

"The ransomware uses the same AES static key and initialization vector (IV) to encrypt the victim's data and rename the encrypted files with the keygroup777tg extension," Büyükkaya said.
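The scheme described in the two paragraphs above (fixed password and salt, hence a static AES-CBC key and IV, plus the keygroup777tg rename) as an added example in Go using only the standard library. This is not the EclecticIQ script and not code from the article. The password and salt are placeholders (the real values are in EclecticIQ's report, not on this page), and the derivation of a 32-byte key followed by a 16-byte IV with PBKDF2-HMAC-SHA1 at 1000 iterations is an assumption modelled on what Rfc2898DeriveBytes produces in the usual C# pattern; the article only states that the password and salt are fixed and that the resulting key and IV are static.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Extension Key Group appends to encrypted files (stated in the article).
const lockedExt = ".keygroup777tg"

// ASSUMPTION: placeholder password and salt. The real hard-coded values are in
// EclecticIQ's report; the point is that any fixed pair yields one static key/IV.
var (
	fixedPassword = []byte("example-password")
	fixedSalt     = []byte("example-salt")
)

// pbkdf2 implements PBKDF2 (RFC 8018) with HMAC-SHA1, the construction behind
// .NET's Rfc2898DeriveBytes. ASSUMPTION: Key Group derives key and IV this way.
func pbkdf2(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hLen := prf.Size()
	blocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, blocks*hLen)
	idx := make([]byte, 4)
	for i := 1; i <= blocks; i++ {
		// U_1 = PRF(P, S || INT(i)); T_i = U_1 xor U_2 xor ... xor U_c
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx, uint32(i))
		prf.Write(idx)
		u := prf.Sum(nil)
		t := append([]byte{}, u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// deriveKeyIV reproduces the static material: because password and salt never
// change, every victim gets the same 32-byte AES-256 key and 16-byte IV.
// 1000 iterations is the Rfc2898DeriveBytes default (assumption, see above).
func deriveKeyIV() (key, iv []byte) {
	dk := pbkdf2(fixedPassword, fixedSalt, 1000, 48)
	return dk[:32], dk[32:48]
}

// RijndaelManaged pads with PKCS7 by default; the decryptor must undo it and
// treat invalid padding as "not a file from this build (or damaged)".
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding byte")
	}
	for _, p := range b[len(b)-n:] {
		if int(p) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// encryptLikeKeyGroup simulates the ransomware's AES-CBC step so the decryptor
// has realistic input; it is a constructed stand-in, not the malware's code.
func encryptLikeKeyGroup(plaintext, key, iv []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// decryptKeyGroup is the recovery routine: same key, same IV, CBC decrypt, strip
// padding. An error here is the practical signal that a file came from a
// different build, which is why the tool only works for the August 3 variant.
func decryptKeyGroup(ciphertext, key, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) == 0 || len(ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("ciphertext length is not a multiple of 16")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return pkcs7Unpad(out, block.BlockSize())
}

// restoredName undoes the rename; ok is false for files that were never locked.
func restoredName(name string) (string, bool) {
	if !strings.HasSuffix(name, lockedExt) {
		return name, false
	}
	return strings.TrimSuffix(name, lockedExt), true
}

func main() {
	key, iv := deriveKeyIV()
	fmt.Printf("static key: %s\nstatic IV:  %s\n", hex.EncodeToString(key), hex.EncodeToString(iv))

	// Constructed sample file, not a real victim artefact.
	original := []byte("Q3 budget\nline 1: 1000\nline 2: 2000\n")
	locked := encryptLikeKeyGroup(original, key, iv)

	name, ok := restoredName("budget.txt" + lockedExt)
	plain, err := decryptKeyGroup(locked, key, iv)
	if err != nil || !ok {
		fmt.Println("not a Key Group file from this build:", err)
		return
	}
	fmt.Printf("restored %s (%d bytes): %q\n", name, len(plain), plain)
}
```

Run it with `go run`; it prints the derived key and IV, which are the same on every run and on every machine, and then the recovered sample. For a real case you would substitute the password and salt (or the key and IV directly) recovered from the sample, walk the filesystem for the keygroup777tg extension, and keep any file that fails the padding check untouched rather than overwriting it with garbage.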

Written by giorgos
