Emsisoft, the software company that released the BigBobRoss ransomware decrypter a couple of weeks back, have just released another two decrypters that will finally free the data of people who got hit by the “Hacked” and the “PewCrypt” ransomware software. As it almost always happens in cases like this, the decryption tools are offered free of charge, going directly against the intentions of the malicious actor.
The “Hacked” ransomware is a relatively old one, dating back to 2017. This program tricked people into thinking that they are installing a “Windows Update” while it went about encrypting all files in the infected machine through a process that ran under the hood. Hacked was not a wide-spread ransomware problem, but it certainly had a respectable number of victims until the usual suspect, Michael Gillespie, managed to crack it after about 1.5 years. The Emsisoft decrypter must be run with administrative privileges, and it will automatically locate and decrypt all files that have the characteristic “.hacked” extension.
The second decrypter tool which was also released by Emsisoft unlocks files that have been encrypted by the PewCrypt ransomware. This is a malicious program that was created by a PewDiePie fan to increase the YouTuber’s subscribers. This ransomware was an especially nasty one, as victims weren’t even given the option to pay for a decrypter. Instead, they were simply urged to subscribe to PewDiePie’s channel and wait until it reaches 100 million subscribers. The hacker would then supposedly distribute the decrypter to all victims, which he actually did, but it wasn’t a user-friendly tool. Emsisoft leveraged the unlocking algorithms for the AES and RSA encryption of this ransomware and created a more comfortable to use decrypter for PewCrypt.
As the original ransomware author also released the source for PewCrypt, we are bound to see spins of it in the wild soon.
https://twitter.com/JustMe79194181/status/1102205718797668352
The takeaway of this story is "patience". It may take a while for white hat hackers to unlock the ransomware that hit you, but sooner or later, they get to crack it. If you don’t want to rely on the release of a special decrypter, take regular backups of your data, and don’t download and run executables from unreliable sources. Whatever you do, don’t ever pay the ransom, as there’s no guarantee that the malicious actors will ever bother to send you a working decrypter. In most cases, they simply don’t, and the perpetual circle of exploitation goes on.
Have you had an experience with the Hacked or the PewCrypt ransomware? Share the juicy details with us in the comments section beneath, and help us spread the word to more by sharing this post through our socials, on Facebook and Twitter.