Sign Up to Join

Cryptographic ransomware

I am writing an article on ransomware such as crtolocker/cryptowall/CTB-Locker and would like to get as much input as possible. It is almost finished and I have researched much of the information, but I am not a crypto expert. I write articles based on how often I answer the same questions again and again. Recently there has been a surge in ransomware questions, specifically CTB-Locker.

I will, of course, credit any input I receive.

View Previous Comments Load All Comments (21)

Expert Comment

Ray Joshi2015-04-10 06:29 AMID: 704343

I've just come across https://www.hypersocket.com - I've been using this and can guarantee it.

0

Rank: Savant

Expert Comment

btan2015-04-10 07:57 AMID: 704378

thought this may be of interest as well though it can be "noisy" and very manual, the thoughts of monitoring the handle counts may help
http://digital-forensics.sans.org/blog/2015/04/03/identifying-and-disrupting-crypto-ransomware-and-destructive-malware

0

Rank: Savant

Expert Comment

btan2015-04-28 08:30 AMID: 1730100

To further share talos released a tool for Teslacrypt ransomware

The Talos TeslaCrypt Decryption Tool
Our decryption utility is a command line utility. It needs the “key.dat” file to properly recover the master key used for file encryption. Before it begins execution, it searches for “key.dat” in its original location (the user’s Application Data directory), or in the current directory. If it isn’t able to find and correctly parse the “key.dat” file, it will return an error and exit.

http://blogs.cisco.com/security/talos/teslacrypt

0

Rank: Savant

Expert Comment

btan2015-05-21 06:37 AMID: 1734033

recent compilation that is handy

a helpful "Ransomware Removal Kit" which contains decryption tools for CryptoLocker, CoinVault, TeslaCrypt and FBIRansomWare, along with instructions on how to use them

https://bitbucket.org/jadacyrus/ransomwareremovalkit/src/8adea2b03cd0?at=master

0

Rank: Savant

Expert Comment

btan2015-06-01 07:23 AMID: 1735792

one "repentant" ransomware whom posted (http://pastebin.com/1WZGqrUH) the private keys used by "locker". a tool called unlocker is available

This Decrypter version will only work for victims who know their BitCoin Address that the infection gave them. A update will be coming soon which will allow victims without this address to decrypt their files. Please be patient.

http://www.bleepingcomputer.com/forums/t/577246/locker-ransomware-support-topic/page-32#entry3721545

0

Rank: Master

Expert Comment

Maidine Fouad2015-06-03 04:47 PMID: 1736330

Most ransomware still use Zeus BotNet code , wich is avaible ...

0

Top Contributors

Cryptographic ransomware