Security

BlackByte Ransomware Decryptor Released for Free

By Supriyo Chatterji / October 19, 2021
Open Padlock in Digital

Trustware, a cybersecurity company, put up a free decryptor for BlackByte on GitHub. This decryptor can be used by victims of the BlackByte ransomware to decrypt and restore files without having to pay the ransom money. This decryptor uses a design flaw in the ransomware’s encryption protocol to unlock stored files.

Trustware also released a two-part technical analysis explaining how they discovered the design flaw. The ransomware got into action on all targeted devices after the group downloaded a fake image file titled “forest.png.” When they looked into this file, they found a “raw” cryptographic key used to derive files encryption keys used by the ransomware. This keyset also generated the access key, which would give access to the dark web portal where the victims could make the payment to free their files.

The tool automatically decrypts the key on any infected ”forest.png” image. The decryptor itself contains a “forest.png” file, which should be replaced by the infected image used by the ransomware as mentioned above.

The hacker group behind the BlackByte ransomware responded to the decryptor by saying that using the wrong key might delete or corrupt the locked data. They also mentioned that they do not use only one key, and using the wrong version can even break entire operating systems without the possibility of restoration.

Further, now that the Blackbyte group knows of the flaw in the design, they are very likely to fix it. So, when a new version of the Blackbyte ransomware enters the market, the old decryptors will become obsolete. Also, since the Blackbyte group is a relatively new one, Trustware researchers speculate they might find numerous other bugs that will break the code even if this exploit is fixed.

The fact that this flaw was discovered three weeks ago (in September) and the Blackbyte gang has had eight targets who have refused to pay might indicate increasing resistance from potential victims. In the Netherlands, the government is planning to develop a new legal context that will basically outlaw ransom payments, so maybe other countries will contemplate the idea as well.


Add a Comment
Related Posts

Ziggy Ransomware Shuts Down and All Decryption Keys Released for Free


February 8, 2021

Three New Ransomware Decryptors Are Up for Grabs


September 26, 2019

Dharma/Crysis Ransomware File Decryption Scams on the Rise


November 12, 2019

The “Troldesh” Ransomware Terminates Operations and Releases Decryption Keys


April 28, 2020

Safe-to-Use Decryptors for the Fonix Ransomware Are Now Available


February 5, 2021

The ‘DarkSide’ Operators Respond to the Release of a Decryptor


January 18, 2021

© TechNadu 2024. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari