BlackByte Ransomware Decryptor Released for Free

  • A decryptor for the BlackByte ransomware strain was released by the cybersecurity company Trustwave.
  • The BlackByte group warns victims that using the wrong decryption key might corrupt locked files.
  • So far, only eight targets have refused to pay the BlackByte ransom.

Trustwave, a cybersecurity company, has published a free decryptor for BlackByte on GitHub. Victims of the BlackByte ransomware can use it to decrypt and restore their files without paying the ransom. The decryptor exploits a design flaw in the ransomware’s encryption protocol to unlock the encrypted files.

Trustwave also released a two-part technical analysis explaining how they discovered the design flaw. The ransomware went into action on all targeted devices after the group downloaded a fake image file titled “forest.png.” When the researchers looked into this file, they found a “raw” cryptographic key from which the ransomware derives its file encryption keys. The same key material was also used to generate the access key, which gives access to the dark web portal where victims could make the payment to free their files.

The tool automatically decrypts the key from any infected “forest.png” image. The decryptor itself ships with a “forest.png” file, which should be replaced by the infected image used by the ransomware, as mentioned above.

The hacker group behind the BlackByte ransomware responded to the decryptor by saying that using the wrong key might delete or corrupt the locked data. They also mentioned that they do not use only one key, and using the wrong version can even break entire operating systems without the possibility of restoration.

Further, now that the BlackByte group knows of the design flaw, they are very likely to fix it. So, when a new version of the BlackByte ransomware appears, the old decryptors will become obsolete. Also, since the BlackByte group is relatively new, Trustwave researchers speculate they might find numerous other bugs that will break the code even if this flaw is fixed.

The fact that this flaw was discovered three weeks ago (in September) and the BlackByte gang has had eight targets who have refused to pay might indicate increasing resistance from potential victims. In the Netherlands, the government is planning to develop a new legal framework that will basically outlaw ransom payments, so other countries may contemplate the idea as well.
