The security researcher Michael Gillespie δημιούργησε ένα decrypter που μπορεί να βοηθήσει τα θύματα του Unlock92 ransomware να ανακτήσουν τα αρχεία τους χωρίς να πληρώσουν λύτρα.
Unlock92 is a new ransomware variant first discovered by Malwarebytes security researcher S! Ri yesterday. The ransomware appears to have been developed by the developer of the Kozy.Jozy ransomware that surfaced a week agoteam.
But while Kozy.Jozy uses a powerful RSA-2048 algorithm system that does not let the researchers break its encryption, it seems that the developer has decided to make some modifications to the original source code that eventually weakened his defense.
But let's look at what is wrong with malware:
To lock the victim's files, Unlock92 creates a random hexadecimal character password of 64 for each infected user. The files are encrypted with a symmetrical AES encryption, and the above code encrypted with RSA is sent to the fraudster's server.
Ransomware strikes the following file extensions:
.cd, .ldf, .mdf, .max, .dbf, .epf, .xNUMXcd, .md, .db, .pdf, .ppt, .xls, .doc, .arj, .tar, .1z, .rar .zip, .tif, .jpg, .a, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt ,. ODS, .odb, .odg
Instructions for using decrypter:
“To create it key and IV, you will need an encrypted PNG file (*.png.CRRRT). The smaller the file, the better. The process may take some time, but it will be less than an hour for a small file on most machines. An i7 processor can parse a 1KB file and find the key in minutes. You just put it in the brute-forcer, and let it go. Once it finds the key, click on it button 'Confirm Password', then select a folder to decrypt it.
Of course for more security keep a backup of your encrypted files first.
Although, as mentioned before, Unlock92 has been developed by the same programmer who wrote Kozy.Jozy the decrypter only works for Unlock92.
