6 free tools to decrypt #Ransomware

The No More Ransom group has been working on developing tools to decrypt certain types of ransomware, offering them to both the private and public sectors.

1. Rannoh Decrypter

Made by Kaspersky Lab, designed against Rannoh and CryptXXX. For the latter, it works on versions 1, 2 and 3. Available at this link.

Although it is often difficult to reverse-engineer sophisticated ransomware variants, Kaspersky Lab made that happen, and in this case updated the Rannoh Decryptor, which now cleanses both Rannoh and CryptXXX malware. One caveat: It will only decrypt as long as there is at least one original file sample that has not been encrypted by CryptXXX. The Rannoh Decrypter now works on CryptXXX versions 1, 2, and 3. For versions 1 and 2, Kaspersky Lab found implementation mistakes, and for version 3 it was stored on the server. Follow this link for more information.

2. Wildfire Decryptor

Designed by Kaspersky Lab and Intel Security; follow this link for more information.

Kaspersky Lab got a phone call at one of its local offices in Europe that a machine was infected with ransomware. They tracked down the server in the Netherlands and had the local Dutch police seize the server. The police then turned over the keys to Kaspersky Lab and McAfee. When police examined the server, they found that the crooks made $80,000 in a single month and roughly 5,600 machines were infected. Both Kaspersky Lab and Intel Security developed tools. Follow this link for more information.

3. Chimera Decryptor

Also developed by Kaspersky Lab, included in the RakhniDecryptor utility. More information at this link.

Kaspersky Lab discovered the keys to the Chimera ransomware strain on an Internet forum and then turned them over to their experts. It's never clear why keys are leaked: Sometimes it may be the handiwork of a rival gang looking to make trouble for the competition, experts say. In other instances, it could be a good Samaritan who wants to leak the keys but remain anonymous. Kaspersky Lab updated its Rakhni utility to build a decryptor. Follow this link for more information.

4. Shade Decryptor

Kaspersky Lab and Intel Security have developed tools against variants of this ransomware. More information here.

Shade was found because the ransomware authors made configuration mistakes that were discovered by researchers. They found the IP address of the server and gave it to the police, who seized the server. They recovered 250,000 keys. Both Kaspersky Lab and Intel Security developed tools for the ransomware variant. Follow this link for more information.

5. Teslacrypt Decryptor

Both ESET and Intel Security have developed tools. More information here.

This one was just plain odd: Researchers from ESET contacted the Teslacrypt gang and asked for the keys. Amazingly, the bad guys then just handed them over. Speculation is that the Teslacrypt group was moving on to CryptXXX. Either way, they released the keys and both Kaspersky Lab and Intel Security developed a decryptor. Kaspersky Lab and Intel Security also updated their Rakhni utility to decrypt this ransomware. Follow this link for more information.

6. CoinVault Decryptor

Tool against files encrypted by CoinVault and Bitcryptor, developed by both Kaspersky Lab and Intel Security. More information here.

Source: DarkReading