{"id":5765,"date":"2021-10-19T11:20:43","date_gmt":"2021-10-19T02:20:43","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=5765"},"modified":"2021-12-12T11:26:10","modified_gmt":"2021-12-12T02:26:10","slug":"free-blackbyte-ransomware-decryptor-released-after-aes-encryption-key-was-reused","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/free-blackbyte-ransomware-decryptor-released-after-aes-encryption-key-was-reused\/","title":{"rendered":"Free BlackByte ransomware decryptor released after AES encryption key was reused"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5765\" class=\"elementor elementor-5765\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f805b5c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f805b5c\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ca11036\" data-id=\"ca11036\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-30015e0 elementor-widget elementor-widget-text-editor\" data-id=\"30015e0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 15<sup>th<\/sup> of October 2021, a free decryptor for the BlackByte ransomware and a SpiderLabs blog post detailing the process of decrypting the ransomware were released to the public to allow past victims to recover their files for free.<\/p><p>Researchers had found that the ransomware was downloading an image file called &#8216;forest.png&#8217; from a remote malicious site under the control of the 
ransomware gang. It was discovered that the AES encryption key used to encrypt the compromised machines was stored in the image file. Because AES is a symmetric cipher, the same key can be used to both encrypt and decrypt files. Trustwave found that the ransomware gang had been reusing the same forest.png file for multiple victims, so using the forest.png file, they were able to build a decryptor that recovers a victim&#8217;s files for free.<\/p><p>However, the ransomware gang has noticed the decryptor and warned that they have used more than one key and that using the decryptor with the wrong key can lead to the corruption of victims\u2019 files.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 15th of October 2021, a free decryptor for the BlackByte ransomware and a SpiderLabs blog post detailing the process of decrypting the ransomware were released to the public to allow past victims to recover their files for free. 
Researchers had found that the ransomware was downloading an image file called &#8216;forest.png&#8217; from a remote malicious site under the control<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5770,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,9,2,8,1],"tags":[],"class_list":["post-5765","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture1-14.jpg?fit=1379%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5765"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=5765"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5765\/revisions"}],"predecessor-version":[{"id":5774,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5765\/revisions\/5774"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5770"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=5765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=5765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=5765"}],"curies":[{"name":"wp","href":"https
:\/\/api.w.org\/{rel}","templated":true}]}}