fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Gangs’ Slow Decryptors Prompt Victims to Seek Alternatives

Ransomware Gangs’ Slow Decryptors Prompt Victims to Seek Alternatives

Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim’s network.

The first was Colonial Pipeline, which paid a $4.4 million ransom for a decryptor after being attacked by the DarkSide ransomware operation.

However, the decryptor was so slow that the company resorted to restoring from backups.

“Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said,” reported Bloomberg.https://www.ad-sandbox.com/static/html/sandbox.html

The more recent victim is HSE, the national healthcare system of Ireland, which was hit by a Conti ransomware attack but refused to pay a ransom.

Likely, realizing they made a mistake targeting a government agency, they released a free decryptor for the attack.

However, testing the decryptor found it too slow, so HSE worked with New Zealand cybersecurity firm Emsisoft to use their decryptor, which is allegedly twice as fast.

Emsisoft’s Universal Decryptor

After learning about Emsisoft’s decryptor, BleepingComputer reached out to Emsisoft CTO Fabian Wosar to learn more about how HSE was using it.

While Wosar refused to share information about their work with HSE, he explained that they created their ‘Universal Decryptor’ after that ransomware operations do a horrible job when decrypting files.

For example, Ryuk ransomware’s decryptor was known to have problems decrypting large files, leading to data corruption. Similarly, a bug in Babuk Locker’s decryptor caused data loss when decrypting ESXi servers.

In addition to the bugs, Wosar told BleepingComputer that ransomware operations’ decryptors are “atrociously slow”, which makes them a lot less effective than restoring files from backups.

While Emsisoft’s decryptor was designed for data safety, it is also much faster than ransomware gang’s decryptors. Since the tool comes from a well-known and respected cybersecurity company, it also eliminates the need to check the threat actor’s decryptor for malicious behavior.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

Emsisoft decryptor vs. threat actor decryptor

“We usually cut days off. Because no reversing needed to make sure it’s safe, no backups that need to be done first, easier deployment, better logs, and ultimately we end up being much, much faster,” Wosar told BleepingComputer.

Wosar also stated that it is not unheard of for victims to be affected by multiple ransomware attacks simultaneously, which prompted Emsisoft to adapt their decryptor to be able to load in multiple decryption keys from different ransomware families and decrypt the files in one go.

“More than 50 ransomware families and major variants are supported by the decryptor,” explained Wosar.

Testing Emsisoft’s decryptor

Wosar agreed to allow BleepingComputer to test their decryptor against publicly available samples of Conti and DarkSide and their respective decryptors previously shared on malware analysis sites.

As part of  our tests, we used a Windows 7 2 CPU virtual machine with a small 44.8 GB drive and 35.1 GB of used space.

While these specs are grossly different than what would be used in real-life scenarios, they still allow us to gauge the difference in speed between the Emsisoft decryptor and the ones provided by ransomware gangs.

In our first test, we encrypted our virtual machine with the Conti ransomware, which took approximately nine minutes.

While the Conti-provided decryptor decrypted the files in 22 minutes, Emsisoft’s decryptor was approximately 41% quicker than the threat actor’s decryptor as it got the job done in only 13 minutes, saving 9 minutes.

Decrypting Conti encrypted files using Emsisoft’s decryptor

Also Read: Considering Enterprise Risk Management Certification Singapore? Here are 7 Best Outcomes

We then performed a similar test with a DarkSide ransomware sample, which took only six minutes to encrypt our device.

Using the DarkSide decryptor took 29 minutes to decrypt our test files, while Emsisoft’s decryptor took only 18 minutes. This makes Emsisoft’s decryptor 37% faster in our tests, but Wosar states that machines with more CPUs will perform better.

DarkSide operation ransomware decryptor

With victims commonly having thousands of devices and terabytes of data to decrypt, 37 to 41% faster decryption speeds are significant and can shave off days, if not weeks, from a restoration process.

Emsisoft charges for their restoration services, where they analyze the particular ransomware and create customized decryptors, but provides free support to organizations in healthcare.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us