Avaddon Ransomware Fixes Flaw Allowing Free Decryption

The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor.

On Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon Ransomware on his GitHub page and released a report describing the flaw through ArXiv.

According to Yuste’s research, when the Avaddon ransomware encrypts a device, it creates a unique AES256 encryption session key used to encrypt and decrypt the files. A flaw in how the ransomware clears this key, though, allowed Yuste to create a decryptor that retrieves the key from memory as long as the computer has not been shut down since being encrypted.
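Why an uncleared key is recoverable, shown as an added example (not Yuste's decryptor and not code from his report): a scan of a memory image for an AES-256 key schedule. It assumes the key sits in memory as a standard expanded schedule; the function names and the sample image are constructed for illustration.

```python
import hashlib

def _build_sbox():
    """Derive the AES S-box: GF(2^8) inverse followed by the affine transform."""
    def gmul(a, b):
        r = 0
        for _ in range(8):
            r ^= a if b & 1 else 0
            a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
        return r
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def expand_key(key):
    """AES-256 key expansion (FIPS-197): 32-byte key -> 240-byte schedule."""
    w = [key[i:i + 4] for i in range(0, 32, 4)]
    for i in range(8, 60):
        t = w[i - 1]
        if i % 8 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])        # RotWord + SubWord
            t = bytes([t[0] ^ (1 << (i // 8 - 1))]) + t[1:]  # round constant
        elif i % 8 == 4:
            t = bytes(SBOX[b] for b in t)
        w.append(bytes(a ^ b for a, b in zip(w[i - 8], t)))
    return b"".join(w)

def find_aes256_keys(image, step=4):
    """Return (offset, key) wherever 240 bytes of `image` form a valid schedule."""
    hits = []
    for off in range(0, len(image) - 239, step):
        key = image[off:off + 32]
        # Skip zeroed or repetitive regions, then test the schedule relation.
        if len(set(key)) >= 8 and expand_key(key) == image[off:off + 240]:
            hits.append((off, key))
    return hits

def build_sample_image():
    """Constructed stand-in for a process dump: filler plus one live schedule."""
    key = hashlib.sha256(b"constructed session key").digest()
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    return filler[:1000] + expand_key(key) + filler[1000:], key
```

A schedule that has been overwritten, or a machine that has been powered off, leaves nothing for such a scan to find, which is why responders capture memory before shutting down an encrypted host.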

Ransomware dev fixes encryption flaw

As first reported by ZDNet, one day after the decryptor was released, the Avaddon ransomware developer posted to a hacker forum that they had fixed the flaw.

“Only neither the decryptor, nor such close attention will stop us. On the contrary, we analyzed the situation, identified weaknesses and found a solution.”

“We have already implemented a solution to the problem that will make decryption by third-party means impossible,” the Avaddon developer wrote in a forum post.

Post by the ransomware dev on a hacker forum

To compensate the operation’s affiliates whose victims may have received free decryption, the ransomware developer increased affiliates’ revenue share to 80%. The normal revenue share for Avaddon affiliates is 65-75%, depending on how many victims they generate.

Threat actors read the same security news as you

It is important to remember that ransomware and threat actors follow the same Twitter and news feeds that you do.

In the past, ransomware operations such as GandCrab and Maze routinely taunted antivirus companies, researchers, and even BleepingComputer after news or research was published.

One threat actor went as far as creating a ransomware called ‘Fabiansomware’ after the ransomware expert Fabian Wosar.

Fabiansomware Ransomware

BleepingComputer has also been contacted numerous times by threat actors who wanted to clarify a point in an article or tell us further information.

Thus, it is always essential to assume that any ransomware flaws openly disclosed will also be seen by a threat actor.

We have seen this historically with CryptoDefense, DarkSide, and now Avaddon.

For this reason, most ransomware experts do not think security companies and researchers should publish encryption flaws or decryptors as it allows the threat actors to fix the bugs in their malware.

Instead, it is suggested that those who create a decryptor reach out to antivirus companies, incident response firms, law enforcement, and communities like BleepingComputer who commonly help ransomware victims.

These decryptors can then be used by these organizations to privately help victims, while at the same time not publicly revealing to the ransomware developers how to fix their flaws.
