Once you are logged in, you will be able to:

Customize your feeds by selecting categories you like

Comment on or Like an article

Receive the latest security stories, trends, and insights in your inbox

Build your profile and login across multiple devices

Bookmark a story and read it later

To use Cyware you must have cookies enabled. By Registering or Signing in, you agree to our Terms and Privacy Policy. You can also signup using Google Account. We will not use your credentials to import contacts or post anything on your account without your permission.For more info, please see Login FAQ.

RansomWarrior ransomware victims can now decrypt and retrieve their files for free

September 3, 2018

|
Malware and Vulnerabilities
Share on Whatsapp

Share on LinkedIn

Share on Twitter

Share on Facebook

RansomWarrior ransomware victims can now decrypt and retrieve their files for free

The ransomware appears to have been developed by India-linked cybercriminals.
RansomWarrior is written in .NET and is not obfuscated packed or protected in any way, suggesting that its creators may be novice malware developers.

A new strain of ransomware called the RansomWarrior was recently discovered by security researchers. Although it has been just weeks since the ransomware first appeared, security experts have already figured out how to decrypt and retrieve the files encrypted by Ransom Warrior.

The ransomware was first spotted by security researchers at Malwarebytes in early August. The ransomware has been targeting Windows users and is being delivered via an executable named “A Big Present.exe”.

According to security researchers at Check Point, who analyzed the ransomware, it appears to have been developed by India-liked cybercriminals. RansomWarrior is written in .NET and is not obfuscated packed or protected in any way, suggesting that its creators may be novice malware developers.

“In fact, the “encryption” used by the Ransomware is a stream cipher using a key randomly chosen from a list of 1000 hard-coded keys in RansomWarrior’s binary code,” Check Point researchers wrote in a blog. “As a result, the Check Point Research team has been able to extract those keys, and, as the key’s index is saved locally on the victim’s computer, provide the correct keys to the Ransomware itself in order to unlock the files.”

Although cybercriminals are now increasingly switching to delivering cryptocurrency miners, given their stealth and the ability to rake in profits, however, ransomware remains a persistent threat. Cybercriminals continue to develop new variants of ransomware, launching them in attacks or selling and/or renting them out in dark web forums.

The fact that ransomware has remained a prominent threat in the face of newly emerging trends indicates that it is here to stay and won’t likely fade away with time.

You can download the RansomWarrior decryption tool by clicking here.

You must Register or Sign in to your Cyware account to perform this action

RansomWarrior ransomware victims can now decrypt and retrieve their files for free

Get such articles in your inbox

News

Popular News

Related News

Categories

Get such articles in your inbox

News

Popular News

Related News

Categories