Files held hostage are appended with one or all of the following. MafiaWare666 searches specific folder locations (Desktop, Music, Videos, Pictures, and Documents) and encrypts numerous file extensions like 7z, Bat, DivX, HTML, JPEG, JPG, MP3, MP4, ZIP, and everything in between for the most part. It is likely that new or unknown samples may encrypt files differently, making them decryptable without further analysis. Avast researchers found a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. MafiaWare666 encrypts files using AES encryption. The content of the file is below. The MafiaWare666 ransomware strain is written in C#, and there aren't any obfuscation or anti-analysis techniques.

The ransomware also creates a text file named "GDCB-DECRYPT.txt", "CRAB-DECRYPT.txt", "KRAB_DECRYPT.txt", "%RandomLetters%-DECRYPT.txt" or "%RandomLetters%-MANUAL.txt" in each folder. The ransomware adds multiple possible extensions: foobar.bmp -> (letters are random). This version of the decryptor utilizes all these keys and can decrypt files for free. Also, in July 2018, the FBI released master decryption keys for versions 4-5.2. In October 2018, GandCrab developers released 997 keys for victims that are located in Syria. GandCrab was one of the most prevalent ransomware strains in 2018. All the Avast Decryption Tools are available in one zip here. Avast Decryption Tool for GandCrab can unlock Globe, one of the most prevalent ransomware problems of 2018.