Attacks on ten Israeli hospitals attributed to Chinese threat actors
October 18, 2021
Ecuador’s largest bank’s system shut down for multiple days after cyber attack
October 21, 2021

Free BlackByte ransomware decryptor released after AES encryption key was reused

On Thursday 15th of October 2021, a free decryptor for the BlackByte ransomware and a SpiderLabs blog detailing the process of decrypting the ransomware was released to the public to allow past victims to recover their files for free.

Researchers had found that the ransomware was downloading an image file called ‘forest.png’ from a remote malicious site under the control of the ransomware gang. It was discovered that the AES encryption key used to encrypt the compromised machines were stored in the image file. Therefore, the same key can used to encrypt and decrypt files. The company, Trustwave had found out that the ransomware gang had been reusing the same forest.png file for multiple victims, so using the forest.png file, they were able to build a decryptor that recovers a victim’s files for free.

However, the decryptor has been noticed by the ransomware gang who warned that they have used more than one key and that if the decryptor used with the wrong key can led to the corruption of victims’ files.

Leave a Reply

Your email address will not be published. Required fields are marked *