O autor de uma das variantes de malware Locker Ransonware pede desculpas2015-09-15
O autor de uma das variantes de malware Locker Ransonware pede desculpas publicamente, apresentando-se anonimamente como Poka BrightMinds. Transcrevemos o texto original em inglês:
I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my intention to release this.
I uploaded the database to mega.co.nz containing "bitcoin address, public key, private key" as CSV.
This is a dump of the complete database and most of the keys weren't even used.
All distribution of new keys has been stopped.
Automatic decryption will start on 2nd of june at midnight.
@devs, as you might be aware the private key is used in the RSACryptoServiceProvider class .net and files are encrypted with AES-256 bit using the RijndaelManaged class.
This is the structure of the encrypted files:
- 32 bit integer, header length
- byte array, header (length is previous int)
*decrypt byte array using RSA & private key.
Decrypted byte array contains:
- 32 bit integer, IV length
- byte array, IV (length is in previous int)
- 32 bit integer, key length
- byte array, Key (length is in previous int) - rest of the data is the actual file which can be decrypted using Rijndaelmanaged and the IV and Key
Again sorry for all the trouble.
CoinVault ransomware DECRYPTOR
A Kaspersky Lab lançou entretanto o seguinte site para ajudar as vítimas do CoinVault ransomware, tendo assim a oportunidade de recuperar os seus dados sem ter que pagar aos cibercriminosos: https://noransom.kaspersky.com/