Cybersecurity researchers have developed a decryption tool to unlock machines infected by Ransom Warrior ransomware.
The Malware Hunter Team first spotted the malware on August 8 and researchers believe the threat actors are India-based and inexperienced malware developers dude to the malware being written in .NET, an obfuscated executable that isn’t packed or otherwise protected, according to a an Aug. 30 Check Point blog post.
“In fact, the “encryption” used by the ransomware is a stream cipher using a key randomly chosen from a list of 1000 hard-coded keys in RansomWarrior’s binary code,” researchers wrote.
No comments:
Post a Comment