Tuesday 10 November 2015

Researchers Crack Linux Ransomware Through Design Flaw


Researchers have managed to crack the Linux.Encoder ransomware for Linux, so that victims can recover their files without paying. The ransomware was announced last week by the anti-virus company Doctor Web. At the time, it was unknown how the ransomware was spreading.

It was known that mostly web servers were infected. Now the Romanian anti-virus company Bitdefender says attackers use a vulnerability in the popular content management system Magento to access servers. They then install the ransomware, which looks a lot like Windows ransomware. Like Windows-based ransomware, Linux.Encoder encrypts files with AES. The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA).

When designing the ransomware, the creators made a big mistake that allows Bitdefender's researchers to determine the AES key without first having to decrypt it with the RSA private key. The ransomware does not use random keys and initialisation vectors for encryption, but derives these two pieces of information from a specific function in combination with the time of the encryption. This information is easily retrieved and, according to the researchers, a major design flaw. They have now developed a tool (zip) that can automatically decrypt encrypted files.
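Why a key and IV derived from the encryption time can be recovered from a file's timestamp, as an added example that is not Bitdefender's tool or the ransomware's code. It assumes a time-seeded non-cryptographic PRNG and uses a SHA-256 keystream in place of AES; the function names, sample file and timestamps are constructed for illustration.

```python
import hashlib
import random


def derive_key_iv(seed: int) -> tuple[bytes, bytes]:
    """Constructed stand-in for the flawed scheme: key and IV come from a
    non-cryptographic PRNG whose only input is the encryption time."""
    rng = random.Random(seed)
    key = rng.getrandbits(128).to_bytes(16, "big")
    iv = rng.getrandbits(128).to_bytes(16, "big")
    return key, iv


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """SHA-256 counter-mode keystream (assumption: used instead of AES so the
    example needs only the standard library). Encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover(ciphertext: bytes, mtime: int, magic: bytes, window: int = 3600):
    """Try every second in [mtime - window, mtime] as the seed and accept the
    candidate whose decryption starts with the expected file header."""
    for seed in range(mtime, mtime - window - 1, -1):
        key, iv = derive_key_iv(seed)
        if keystream_xor(key, iv, ciphertext[:len(magic)]) == magic:
            return seed, keystream_xor(key, iv, ciphertext)
    return None  # seed lies outside the searched window


# Constructed sample: a PHP file encrypted at a known (made-up) Unix time,
# with the file timestamp written two seconds after the key was generated.
ENCRYPTED_AT = 1447113600
SAMPLE = b"<?php echo 'constructed sample file'; ?>\n"
CIPHERTEXT = keystream_xor(*derive_key_iv(ENCRYPTED_AT), SAMPLE)
MTIME = ENCRYPTED_AT + 2

if __name__ == "__main__":
    print(recover(CIPHERTEXT, MTIME, b"<?php"))
```

The search space is the number of seconds in the window rather than the 2^128 values of a randomly chosen AES key, which is why the RSA-wrapped copy of the key never has to be decrypted.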
