A new variant of crypto-ransomware, it seems, is not so much crypto, since it allows its victims to get their data back without paying the ransom it demands. Scraper ransomware appears to have a flaw that practically means around 70% of its victims can decrypt their files, according to Kaspersky Labs, the Russian security firm that published a way toencryptions.
Of course, it's a lot better not to get infected, but those who were not careful, can use the utility offered by the company to avoid paying the 300 dollars demanded by the scammers.
The malware Scraper (or TorLocker) first appeared in attacks in Japan last October. The Scraper later appeared in an English version, and encrypts the victim's files requiring a ransom (300 dollars or more, depending on the rogue greed to be paid to BitCoin or Ukash) to decrypt them.
Πιο συγκεκριμένα, το κακόβουλο software κρυπτογραφεί σχεδόν όλα τα αρχεία του χρήστη, έγγραφα, βίντεο και αρχεία ήχου, εικόνες, βάσεις δεδομένων, αντίγραφα ασφαλείας, κλειδιά κρυπτογράφησης εικονικών μηχανών, πιστοποιητικά και άλλα αρχεία σε όλους τους σκληρούς δίσκους αλλά και στο δίκτυο. Επίσης, διαγράφει όλα τα σημεία της επαναφοράς του συστήματος. Το Scraper μολύνει μόνο υπολογιστές με Windows.
User files are encrypted using multiple AES-256 one-time keys, one encryption key for each file. Kaspersky Labs reports that somewhere this procedure gone wrong, although other experts have their own theories. In any case, however, mistakes have clearly been made, otherwise decryption would be impossible.
"Although Trojan-Ransom.Win32.Scraper encrypts all files with AES-256 + RSA-2048, 70 percent of cases can be decrypted due to errors in the application of encryption algorithms," Kaspersky researchers Victor Alyushin and Fedor Sinitsyn.
If you are infected with malicious software, use the Kaspersky tool directly ScraperDecryptor.zip to decrypt your files. The company offers instructions on how to do it do from here.
One thing is for sure: Scammers will find some way to fix their code and release the new update. So Kaspersky's tool probably has an expiration date.