Cryptographic ransomware

I am writing an article on ransomware such as CryptoLocker/CryptoWall/CTB-Locker and would like to get as much input as possible. It is almost finished and I have researched much of the information, but I am not a crypto expert. I write articles based on how often I answer the same questions again and again. Recently there has been a surge in ransomware questions, specifically CTB-Locker.

I will, of course, credit any input I receive.

Expert Comment

Ray Joshi 2015-04-10 06:29 AM ID: 704343
I've just come across https://www.hypersocket.com - I've been using this and can guarantee it.
0
Rank: Savant

Expert Comment

btan 2015-04-10 07:57 AM ID: 704378
Thought this may be of interest as well, though it can be "noisy" and very manual; the thoughts of monitoring the handle counts may help:
http://digital-forensics.sans.org/blog/2015/04/03/identifying-and-disrupting-crypto-ransomware-and-destructive-malware
0
Rank: Savant

Expert Comment

btan 2015-04-28 08:30 AM ID: 1730100
To further share, Talos released a tool for TeslaCrypt ransomware:
The Talos TeslaCrypt Decryption Tool
Our decryption utility is a command line utility. It needs the “key.dat” file to properly recover the master key used for file encryption. Before it begins execution, it searches for “key.dat” in its original location (the user’s Application Data directory), or in the current directory. If it isn’t able to find and correctly parse the “key.dat” file, it will return an error and exit.
http://blogs.cisco.com/security/talos/teslacrypt
0
Rank: Savant

Expert Comment

btan 2015-05-21 06:37 AM ID: 1734033
A recent compilation that is handy:
a helpful "Ransomware Removal Kit" which contains decryption tools for CryptoLocker, CoinVault, TeslaCrypt and FBIRansomWare, along with instructions on how to use them
https://bitbucket.org/jadacyrus/ransomwareremovalkit/src/8adea2b03cd0?at=master
0
Rank: Savant

Expert Comment

btan 2015-06-01 07:23 AM ID: 1735792
One "repentant" ransomware who posted (http://pastebin.com/1WZGqrUH) the private keys used by "locker". A tool called unlocker is available.
This Decrypter version will only work for victims who know their BitCoin Address that the infection gave them. An update will be coming soon which will allow victims without this address to decrypt their files. Please be patient.
http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-topic/page-32#entry3721545
0
Rank: Master

Expert Comment

Maidine Fouad 2015-06-03 04:47 PM ID: 1736330
Most ransomware still use Zeus BotNet code, which is available ...
0