fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Author Releases Decryption Keys, Says Goodbye Forever

Ransomware Author Releases Decryption Keys, Says Goodbye Forever

ransomware on paper blueprint background, technology concept

Update 12th FebruaryAn earlier version of this post incorrectly stated that the decryption tool used to unlock files existed prior to the keys being released – this has now been corrected.

If you’re unfortunate enough to be caught out by ransomware, the consequences can be devastating. You may be able to get rid of the infection, but the all-important files affected by such an attack will still be under lock and key. Without backups, which is more common than you may think, the files may be gone forever.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

A tiny slice of good fortune

Occasionally, we all catch the proverbial break. Files can sometimes be recovered in the following ways:

  • A ransomware author makes some sort of mistake, or their files are just simply coded badly. Researchers figure out a way to recover the decryption key, and publish it so victims can recover their files.
  • Authors offer up the keys themselves. This can be for a variety of reasons. They may have generated a bit too much heat, and are looking to retreat into the shadows with the suggestion of some good deed done. Other times, they decide “party’s over” with the release of a new variant and hand out a “Get out of jail free” pass to former victims.

This is where our current story picks up.

What a maze

Back in 2019, Maze Ransomware came to light:

Initially, it grabbed victims via fake Cryptocurrency site traffic bounced to exploit kit landing pages. It also claimed to vary ransom amounts depending on if the compromised machine was a workstation, home computer, or server.

Also Read: What Does A Data Protection Officer Do? 5 Main Things

Tactics changed a little later on, with threats of exfiltrated data being published if ransom demands were not met. The group behind Maze eventually announced retirement, and infection numbers tailed off after one final flourish in August 2020. Maze affiliates quickly moved over to Egregor, which was then mired in the mud of several arrests.

Now we’re at the beginning of 2022, and there’s yet more developments in Maze land.

We’re finished…again

Someone has posted to the Bleeping Computer forums, claiming to be the developer of not only Maze, but also Egregor and Sekhmet ransomware families. The post reads as follows:

Hello, It’s developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families.

also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with gazavat. Each archive with keys have corresponding keys inside the numeric folders which equal to advert id in the config.

In the “OLD” folder of maze leak is keys for it’s old version with e-mail based. Consider to make decryptor first for this one, because there were too many regular PC users for this version.

There is, once more, a claim that anyone involved is now definitely out of the Ransomware game for good. All the “source code of tools” are also supposedly gone forever.

The forum poster included a zip containing decryption keys for the ransomware, and also some source code for malware used by the Maze gang.

What’s the real reason for this farewell to arms?

Decryption tools now exist for the 3 groups mentioned, thanks to the release of the keys on the forum post. The zip file has now been removed from the forum due to the inclusion of the malware source code.

The author claims this forum post and announcement is not related to any arrest or takedown, but even so this feels more important as an announcement of leaving the malware realm to avoid trouble than being particularly helpful to victims just for the sake of it.

Are they gone for good, or will they return once more with a new set of Ransomware files? Only time will tell…

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us