Threat Intelligence

1/30/2017
03:30 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

6 Free Ransomware Decryption Tools

The No More Ransom group has been working to get free decryptor tools into the hands of security professionals and the general public.
2 of 7

1. Rannoh Decrypter

Although it is often difficult to reverse-engineer sophisticated ransomware variants, Kaspersky Lab made that happen, and in this case updated the Rannoh Decryptor, which now cleanses both Rannoh and CryptXXX malware. One caveat: It will only decrypt as long as there is at least one original file sample that has not been encrypted by CryptXXX. The Rannoh Decrypter now works on CryptXXX versions 1, 2, and 3. For versions 1 and 2, Kaspersky Lab found implementation mistakes, and for version 3 it was stored on the server. Follow this link for more information.

Image Source: Kaspersky Lab

1. Rannoh Decrypter

Although it is often difficult to reverse-engineer sophisticated ransomware variants, Kaspersky Lab made that happen, and in this case updated the Rannoh Decryptor, which now cleanses both Rannoh and CryptXXX malware. One caveat: It will only decrypt as long as there is at least one original file sample that has not been encrypted by CryptXXX. The Rannoh Decrypter now works on CryptXXX versions 1, 2, and 3. For versions 1 and 2, Kaspersky Lab found implementation mistakes, and for version 3 it was stored on the server. Follow this link for more information.

Image Source: Kaspersky Lab

2 of 7
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-6461
PUBLISHED: 2019-03-21
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result i...
CVE-2015-6462
PUBLISHED: 2019-03-21
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, ...
CVE-2018-13798
PUBLISHED: 2019-03-21
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a D...
CVE-2019-5490
PUBLISHED: 2019-03-21
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed...
CVE-2019-8997
PUBLISHED: 2019-03-21
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted X...