fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

RansomEXX Ransomware Linux Encryptor May Damage Victims’ Files

RansomEXX Ransomware Linux Encryptor May Damage Victims’ Files

​Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.

In a new report by Profero, Senior Incident Responder Brenton Morris says the RansomEXX decryptor was failing on various files encrypted by the threat actor’s Linux Vmware ESXI encryptor for one the victims who paid the ransom.

After reverse-engineering the RansomExx Linux encryptor, Profero discovered that the problematic decryption was caused by Linux files not being adequately locked while they were encrypted.

Also Read: Digital Transformation – Do Or Die in 2020

Without the file being locked, if the ransomware attempted to encrypt a Linux file simultaneously as another process wrote to it, the encrypted file would contain both encrypted data and unencrypted data appended after it, as shown below.

Encrypted file with a mix of encrypted and unencrypted data
Encrypted file with a mix of encrypted and unencrypted data

“Some strains of Linux ransomware will attempt to acquire a file lock using fcntl while others will often not attempt to lock files for writing, and instead either knowingly choose to take the risk of corrupting the files or do so unknowingly due to lack of Linux programming experience,” Morris told BleepingComputer.

“The Linux version of RansomEXX did not attempt to lock the file at all.”

When RansomExx encrypts a file, it will append an RSA encrypted decryption key to the end of each encrypted file.

If a victim pays a ransom, the threat actor supplies a decryptor that can decrypt each file’s encrypted decryption key and then use it to decrypt the file’s contents.

Also Read: The Importance of Penetration Testing for Businesses

However, as these problematic encrypted files had unencrypted data appended to the end of the file, the decryptor could not read the encrypted key properly and would fail to decrypt the file.

Fixed decryptor released

To aid their clients and the greater cybersecurity community, Profero has released an open-source RansomEXX decryptor that can decrypt files encrypted with this file locking issue.

Profero's RansomEXX decryptor
Profero’s RansomEXX decryptor

Victims still need to have acquired a decryptor key from the threat actor, but they can now use a decryptor created by a cybersecurity firm rather than having to take the time to vet one provided by threat actors.

“Because the attackers provide paying victims with a decryption tool they must run to decrypt their files there is a risk that the decryption tool may be malicious. This requires affected victims to reverse engineer the provided decryption tool to ensure there is no hidden payload or malicious features, a time investment that can be problematic for some organizations during a ransomware incident,” explains Profero’s blog post.

You can find complete instructions and command-line usage for using the decryptor in Profero’s post and on the decryptor’s GitHub page.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us