Since there is a huge increase in the number of ransomware infections, the cyber security firm Avast released three decryption tools to help victims, and reaching a total of 14 such tools made available by them.
“In last year, more than 200 new ransomware were discovered, it’s growth of in-the-wild samples is two-folded, but the good news is that hundreds of millions of AVG and Avast users are protected against this notorious threat,” says a blog post
signed by Jakub Kroustek, the reverse engineer and malware analyst at the Avast.
The newly released three new decryption tools address three different ransomware strains namely Jigsaw, HiddenTear and Philadelphia/Stampado. Some solutions for these strains are already available, those are from other security researchers. Avast, however, decided that it is better to have multiple options.
That is because these three ransomware strains are very active and frequently encountered. Since the encryption keys used update quite often and so must the decryption tools. In the end, whether it is Avast’s tools or those made by any other security researchers that work against these ransomware, it’s all for the very same purpose.
“Last but not least, we were able to significantly speed-up the decryption time, more precisely the password brute-force process, so e.g. some of the HiddenTear variants will be decrypted within minutes instead of days. The best results are achieved when decrypting files directly from the infected machine,” Kroustek writes.
HiddenTear has been around for a while and the code is actually hosted on GitHub. Given the fact that it is so present, many hackers have gone and tweaked the code and starting using it. Encrypted files have a wide range of extensions: .34xxx, .locked, .BUGSECCCC,.bloccato, .lock, .saeid, .unlockit, .Hollycrypt,.monstro, .lok, .razy, .mecpt, .암호화됨, .flyper, .kratos, .8lock8, .fucked,.CAZZO, .krypted, .doomed. and more.
After all these files are encrypted, a text file will appear on the victim’s desktop.