RansomWarrior ransomware victims can now decrypt and retrieve their files for free
September 3, 2018 | Malware and Vulnerabilities
- The ransomware appears to have been developed by India-linked cybercriminals.
- RansomWarrior is written in .NET and is not obfuscated, packed, or protected in any way, suggesting that its creators may be novice malware developers.
A new strain of ransomware called RansomWarrior was recently discovered by security researchers. Although it has been just weeks since the ransomware first appeared, security experts have already figured out how to decrypt and retrieve the files encrypted by RansomWarrior.
The ransomware was first spotted by security researchers at Malwarebytes in early August. The ransomware has been targeting Windows users and is being delivered via an executable named “A Big Present.exe”.
According to security researchers at Check Point, who analyzed the ransomware, it appears to have been developed by India-linked cybercriminals. RansomWarrior is written in .NET and is not obfuscated, packed, or protected in any way, suggesting that its creators may be novice malware developers.
“In fact, the “encryption” used by the Ransomware is a stream cipher using a key randomly chosen from a list of 1000 hard-coded keys in RansomWarrior’s binary code,” Check Point researchers wrote in a blog. “As a result, the Check Point Research team has been able to extract those keys, and, as the key’s index is saved locally on the victim’s computer, provide the correct keys to the Ransomware itself in order to unlock the files.”
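The weakness Check Point describes can be shown with a short added example, which is not code from Check Point, its decryption tool, or the malware. The key table, the SHA-256 counter-mode keystream, and the sample file are all constructed stand-ins; the point is that a key drawn from a fixed 1000-entry table is recoverable either from the saved index or by testing every entry against known file headers.

```python
import hashlib

# Constructed stand-in for the hard-coded key table (1000 entries, per the article).
KEY_TABLE = [hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(1000)]

# Leading bytes of common file types, used to recognise a correct decryption.
MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png", b"PK\x03\x04": "zip/docx"}


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (assumption, not the malware's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def decrypt_with_index(index: int, ciphertext: bytes) -> bytes:
    """Recovery when the key index saved on the machine is available."""
    if not 0 <= index < len(KEY_TABLE):
        raise ValueError("index outside key table")
    return stream_xor(KEY_TABLE[index], ciphertext)


def recover_index(ciphertext: bytes):
    """Recovery when the index is lost: try every table key against known headers."""
    head = ciphertext[:16]
    for index, key in enumerate(KEY_TABLE):
        plain_head = stream_xor(key, head)
        for magic, kind in MAGIC.items():
            if plain_head.startswith(magic):
                return index, kind
    return None


# Constructed sample: a fake PDF encrypted under table entry 417.
SAMPLE_PLAIN = b"%PDF-1.7\n% constructed sample document\n"
SAMPLE_CIPHER = stream_xor(KEY_TABLE[417], SAMPLE_PLAIN)

if __name__ == "__main__":
    print(recover_index(SAMPLE_CIPHER))
    print(decrypt_with_index(417, SAMPLE_CIPHER))
```

With only 1000 candidates the search finishes instantly, which is why a per-victim key generated at run time and protected with an attacker-held public key is what makes well-built ransomware unrecoverable, and a hard-coded table does not.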
Although cybercriminals are increasingly switching to delivering cryptocurrency miners, given their stealth and ability to rake in profits, ransomware remains a persistent threat. Cybercriminals continue to develop new ransomware variants, launching them in attacks or selling or renting them out on dark web forums.
The fact that ransomware has remained a prominent threat in the face of newly emerging trends indicates that it is here to stay and is unlikely to fade away with time.
You can download the RansomWarrior decryption tool by clicking here.
