Monday, December 16, 2019

Emsisoft Finds Bug in Decryptor of Ryuk Ransomware


In the past 6 months or so I have become a huge fan of the antivirus company Emsisoft. Not only does the company make a first-class antivirus product, but they also give back by running the Emsisoft Malware Lab which, among other things, releases free decryption keys for known ransomware.

However, the good folks at Emsisoft are not the only ones who provide decryption keys.  There are other companies that do this as well.

Normally, that would be a good thing, but it seems that recently the bad guys have changed some things about the Ryuk Ransomware that make using the other free keys very risky.

One of the biggest problems with security is that it is a constantly shifting landscape… or a tremendously important cat and mouse game.  Hackers create malware, security professionals counter with solutions, and the hackers rework the malware to bypass whatever security professionals have done.  Currently this is exactly what has happened.

In the last 2 weeks hackers have changed the way Ryuk works. The current versions that are striking victims use code that only partially encrypts some files. This allows the program to work faster and encrypt more data before it's caught. It is also causing problems for the existing free decryption solutions, which were not created to deal with partially encrypted files. It means that victims may still be dealing with partially decrypted files even after running a decryption key.

The good news is that Emsisoft has an updated decrypter that should provide for a smooth decryption process.

If you have been affected by Ryuk or you’d like more information, take a look at this post on the Emsisoft blog.  Also, the next time you need to renew your antivirus or you need to do an install on a clean system that needs antivirus, purchase Emsisoft.  That’s what I did...
