BlackByte Ransomware Decryptor Released for Free

  • A decryptor for the BlackByte ransomware strain was released by the cybersecurity company Trustwave.
  • The BlackByte group warns victims that using the wrong decryption key might corrupt locked files.
  • So far, only eight targets have refused to pay the BlackByte ransom amount.

Trustwave, a cybersecurity company, published a free decryptor for BlackByte on GitHub. Victims of the BlackByte ransomware can use it to decrypt and restore their files without paying the ransom. The decryptor exploits a design flaw in the ransomware’s encryption protocol to unlock stored files.

Trustwave also released a two-part technical analysis explaining how they discovered the design flaw. The ransomware went into action on all targeted devices after the group downloaded a fake image file titled “forest.png.” When the researchers looked into this file, they found a “raw” cryptographic key used to derive the file encryption keys used by the ransomware. This keyset also generated the access key, which would give access to the dark web portal where the victims could make the payment to free their files.

The tool automatically decrypts the key in any infected “forest.png” image. The decryptor itself ships with a “forest.png” file, which should be replaced by the infected image used by the ransomware, as mentioned above.

The hacker group behind the BlackByte ransomware responded to the decryptor by saying that using the wrong key might delete or corrupt the locked data. They also mentioned that they do not use only one key, and using the wrong version can even break entire operating systems without the possibility of restoration.

Further, now that the BlackByte group knows of the design flaw, they are very likely to fix it. So, when a new version of the BlackByte ransomware enters the market, the old decryptors will become obsolete. Also, since the BlackByte group is relatively new, Trustwave researchers speculate they might find numerous other bugs that will break the code even if this exploit is fixed.

The fact that this flaw was discovered three weeks ago (in September) and the BlackByte gang has had eight targets who have refused to pay might indicate increasing resistance from potential victims. In the Netherlands, the government is planning to develop a new legal context that will basically outlaw ransom payments, so other countries may contemplate the idea as well.
