Black Basta ransomware: free decryptor available

The Black Basta ransomware is, at least in part, a little less scary today than it was in the past.

The malware, responsible for over 300 documented attacks, has earned its creators over 100 million dollars in ransoms, but from today it has to contend with a decryptor distributed for free.

Researchers at SRLabs have in recent days identified a weak point in the ransomware's encryption algorithm. The experts managed to recover a 64-byte key, which made it possible to create a tool, since distributed free of charge, that allows the recovery of at least part of the files targeted by the cybercriminals.

The researchers described their approach, explaining: “Our analysis suggests that files can be recovered if the encrypted 64-byte plaintext is known. Files smaller than 5000 bytes cannot be recovered. For files between 5000 bytes and 1 GB in size, full recovery is possible”.

Black Basta: the ransomware was immediately patched and is effective again

For files encrypted multiple times, manual review may be required for actual recovery. For some files, such as virtual machine disk images, the experts consider it “feasible to know 64 bytes of plaintext in the right position”, which means that decryption is more likely to succeed. The tool in question is available for download from GitHub.
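Why 64 known plaintext bytes "in the right position" can be enough, shown as an added example that is not from the article or from the SRLabs tool. It assumes a simplified model in which the flaw amounts to the same 64-byte keystream being XORed over every encrypted block; the function names and the sample image are constructed for illustration, and the size thresholds quoted above are not modelled.

```python
import hashlib

BLOCK = 64  # length of the known-plaintext window the researchers describe


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt(data: bytes, keystream: bytes) -> bytes:
    """Assumed flaw (simplified): every 64-byte block gets the same keystream."""
    return b"".join(xor(data[i:i + BLOCK], keystream)
                    for i in range(0, len(data), BLOCK))


def recover_keystream(ciphertext: bytes, known: bytes, offset: int) -> bytes:
    """Derive the keystream from 64 known plaintext bytes located at `offset`."""
    window = ciphertext[offset:offset + BLOCK]
    if len(known) != BLOCK or len(window) != BLOCK:
        raise ValueError("need exactly 64 known bytes inside the file")
    rotated = xor(window, known)   # keystream as seen starting at `offset`
    r = offset % BLOCK             # undo the shift if not block-aligned
    return rotated[BLOCK - r:] + rotated[:BLOCK - r]


def decrypt(ciphertext: bytes, keystream: bytes) -> bytes:
    return toy_encrypt(ciphertext, keystream)  # XOR is its own inverse


def demo() -> bool:
    # Constructed sample: a fake disk image with a header, data and zero padding.
    keystream = hashlib.sha512(b"constructed demo key").digest()  # 64 bytes
    image = b"FAKEIMG1" + bytes(range(256)) * 4 + bytes(200) + b"tail-data" * 30
    encrypted = toy_encrypt(image, keystream)
    # The defender knows only that 64 zero bytes sit at offset 1100.
    guess = recover_keystream(encrypted, bytes(BLOCK), 1100)
    return decrypt(encrypted, guess) == image


if __name__ == "__main__":
    print("full recovery from one known 64-byte window:", demo())
```

A wrong guess about the content or position of the known window yields a wrong keystream and unreadable output, which is why files with predictable regions, such as disk images, are the better candidates.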

Even so, it is worth bearing in mind that the free decryptor created by SRLabs is effective only for attacks that took place before last Christmas. The cybercriminals have apparently already patched the vulnerability in the ransomware, and it is now effective again.

Black Basta, believed to be close to the infamous group known as Conti, has over the past few months targeted several large companies with the typical ransomware procedure, i.e. theft of data followed by a ransom demand in exchange for not making it public.
