Kaspersky updates decryption tool to fight ransomware
Kaspersky has updated its RakhniDecryptor tool to allow users whose files were encrypted by Yatron and FortuneCrypt ransomware to retrieve their data without paying a ransom.
Kaspersky has developed a tool that is capable of recognizing specific kinds of ransomware and bringing the files they encrypted back to a normal state.
Yatron and FortuneCrypt are typical examples of this kind of malware. Yatron is part of a so-called ransomware-as-a-service affiliate program, and its developers were reported to be planning to use the infamous EternalBlue and DoublePulsar exploits (malicious programs that use vulnerabilities in legitimate software to distribute other malicious software) as a propagation tool for the malware. While encrypting the victims’ files, this ransomware changes their extension to ‘.Yatron’.
The other ransomware variant, FortuneCrypt, is unusual in that it is written with the BlitzMax compiler, which, based on publicly available information, is a programming framework developed specifically for those involved in the first steps of video games development. Both ransomware variants contain issues in how they deal with the victims’ files, and this allowed Kaspersky researchers to find ways of undoing the damage this malware caused.
“The goal of a coordinated effort which our industry currently takes against ransomware is not only to help victims retrieve their files, but also to make the business of ransomware itself as troublesome and costly for scammers as possible. The more families we defeat, the harder it is for cybercriminals to profit from their activity. The new decryption tools we’ve released are contributions to this goal and certainly won’t be the last”, said Orkhan Mamedov, security expert at Kaspersky.
Both the Yatron and FortuneCrypt decryptors have been added to the Kaspersky RakhniDecryptor tool. They can be downloaded from the No More Ransom website – a project launched by the Dutch National Police, Europol, McAfee and Kaspersky in 2016. The project involves cybersecurity experts and law enforcement agencies working together to share solutions and stop the scourge of ransomware.