The security researcher Michael Gillespie δημιούργησε ένα decrypter που μπορεί να βοηθήσει τα θύματα του Unlock92 ransomware να ανακτήσουν τα αρχεία τους χωρίς να πληρώσουν λύτρα.
Unlock92 is a new version of ransomware first discovered by Malwarebytes S security researcher! Ri yesterday. The ransomware seems to have been developed by Kozy.Jozy's ransomware developer who appeared a week ago.
But while Kozy.Jozy uses a powerful system RSA-2048 algorithm that doesn't let researchers crack its encryption, it seems that its developer decided to make some modifications to the original source code that eventually weakened its defenses.
But let's see what happens with it malware:
To lock the victim's files Unlock92 generates a random hex code 64-character password for each infected user. The files are encrypted with a symmetric AES encryption, and the above RSA-encrypted code is sent to the scammer's server.
Ransomware strikes the following file extensions:
.cd, .ldf, .mdf, .max, .dbf, .epf, .xNUMXcd, .md, .db, .pdf, .ppt, .xls, .doc, .arj, .tar, .1z, .rar .zip, .tif, .jpg, .a, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt ,. ODS, .odb, .odg
Instructions for using decrypter:
"To create the key and IV, you will need an encrypted PNG file (* .png.CRRRT). The smaller the file, the better. The process may take some time, but it will take less than an hour for a small file on most machines. An i7 processor can analyze a 1KB file and find the key in minutes. Just place it in the brute-Forcer, and let it go. Once it finds the key, click the 'Confirm Password' button, then select a folder to decrypt it. "
Of course for more security keep a backup of your encrypted files first.
Although, as mentioned before, Unlock92 has been developed by the same programmer who wrote Kozy.Jozy the decrypter only works for Unlock92.
