Free decryptor released for Key Group ransomware

Error allowed cybersecurity pros to create a Key Group ransomware decryptor

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A decryption tool for a widespreadransomwarevariant is now available to download for free, thanks to a group of cybersecurity researchers from the Netherlands.

Experts from EclecticIQ discovered a cryptographic error in the encryptor belonging to the Key Group ransomware operator which allowed them to build a decryptor, which they then released for free.

The news means that everyone who fell victim to this specific ransomware strain can find the script, written in Python, onthis link, and use it to salvage their encrypted files.

Unsophisticated threat actor

It’s worth mentioning that this decryptor doesn’t work on all versions of Key Group’s ransomware variant, but only some - built “around August 3”, the researchers said. As ransomware evolves, and new variants and versions pop up, they usually come with different encryption mechanisms, which renders these decryptors useless. This one will probably be useless soon too, once the crooks pick up on this news and tweak their code.

Citrix servers hacked using zero-day exploit>Hackers are targeting US critical infrastructure using this Citrix zero-day>These are the best malware removal tools around

In any case, the researchers called the group, which seems to be of Russian origin, a “low-sophisticated threat actor.”

In recent times, ransomware operators have stopped deploying encryptors and are focusing entirely on data exfiltration. Apparently, developing, maintaining, and deploying ransomware is too expensive and too cumbersome, while the same financial results can be achieved by simply stealing data and threatening to release it to the wild. Furthermore, deploying ransomware, especially on critical infrastructure providers, is hugely disruptive and forces law enforcement to act more swiftly.

That doesn’t mean hackers will suddenly stop encrypting files. Ransomware is still one of the most popular cyberattack methods out there, with Clop, BlackBasta, LockBit, and others, causing hundreds of millions of dollars in damages, both in the private, and public sectors. Companies in the United States are most frequently attacked, according to figures fromMalwarebytes.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics