A new variant of crypto-ransomware turns out to be not so "crypto" after all, since it allows its victims to get their data back without paying the ransom it demands. The Scraper ransomware appears to have a flaw, which in practice means that about 70% of its victims can decrypt their files, according to Kaspersky Labs, the Russian security company that published a decryption method.
Of course, it is much better not to get infected in the first place, but those who were not careful can use the utility offered by the company to avoid paying the 300 dollars demanded by the fraudsters.
The Scraper malware (also known as TorLocker) first appeared in attacks in Japan last October. It later appeared in an English version. It encrypts the victim's files and demands a ransom to decrypt them ($300 or more, depending on how greedy the scammers are, payable in Bitcoin or through the Ukash service).
More specifically, the malware encrypts almost all of the user's files: documents, video and audio files, pictures, databases, backups, virtual machine encryption keys, certificates and other files on all hard drives as well as on the network. It also deletes all system restore points. Scraper infects only Windows computers.
User files are encrypted with one-time AES-256 keys, a separate encryption key for each file. Kaspersky Labs says that something went wrong somewhere in this process, although other experts have their own theories. In any case, mistakes have clearly been made; otherwise decryption would be impractical.
"Despite the fact that Trojan-Ransom.Win32.Scraper encrypts all files with AES-256+RSA-2048, 70 percent of the cases can be decrypted due to mistakes made when applying the encryption algorithms," report Kaspersky researchers Victor Alyushin and Fedor Sinitsyn.
If you have been infected with this malware, you can use Kaspersky's ScraperDecryptor.zip tool directly to decrypt your files. The company also provides instructions on how to do so.
One thing is for sure: the scammers will find a way to fix their code and release an update. So Kaspersky's tool probably has an expiration date.