Avast releases a free decryptor for some Hades ransomware variants

Category: Wordpress News
Original source: securityaffairs.co
Read time: < 2 minutes
Sentiment bias: Negative
Sentiment Score: -0.22186
Published: Oct 6th, 2022
Avast releases a free decryptor for some Hades ransomware variants

Quick Read

Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ .
Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the ransom.
The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants.
The experts pointed out that the Hades ransomware affected by the flaw did not exfiltrate any data from the victims.
” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini (SecurityAffairs – hacking, Hades ransomware)
“Once the password is found, you can proceed to decrypt all the encrypted files on your PC by clicking “Next” concludes AVAST.
” On the final page, you can opt-in to backup your encrypted files.

Avast releases a free decryptor for some Hades ransomware variants

Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ . Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the ransom. The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants. “We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.” reads the post published by AVAST. The experts pointed out that the Hades ransomware affected by the flaw did not exfiltrate any data from the victims. MafiaWare666, for example, is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. The malicious code encrypts files using AES encryption. The malware samples analyzed by the researchers append the following extensions the the filename of the encrypted files: .MafiaWare666 .jcrypt .brutusptCrypt .bmcrypt .cyberone .l33ch Once the MafiaWare666 variant completes the encrypted process, it displays a window that provides payment instructions to the victims. The ransom price ranges from $50 to $300, although some of the older samples with different names demand up to one Bitcoin. Victims of these variants can download the free decryptor from the Avast server along with instructions to use it. The tool also allows victims that know a valid password for decrypting files, but that are not able to use the decryptor supplied by Hades, to tick the box in the above UI provided by the tool. In case victims haven’t the password, they can use the Avast tool to crack it. “Once the password is found, you can proceed to decrypt all the encrypted files on your PC by clicking “Next” concludes AVAST. ” On the final page, you can opt-in to backup your encrypted files. These backups may help if anything goes wrong during the decryption process. This option is on by default, which we recommend. After clicking “Decrypt” the decryption process begins. Let the decryptor work and wait until it finishes decrypting all of your files.” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini (SecurityAffairs – hacking, Hades ransomware)
The Original Article can be found on securityaffairs.co

Recent Wordpress News Articles

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of …

Read more here
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial frau …

Read more here
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million
Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for ac …

Read more here
Five Steps to Mitigate the Risk of Credential Exposure
Back to Basics: Cybersecurity's Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity nee …

Read more here
Back to Basics: Cybersecurity's Weakest Link
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy …

Read more here
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Latest News
Help & How To's
Around the Web