Skip to main content

Good news!


ONLY FOR THOSE INFECTED WITH 'CRYPTODEFENSE' MALWARE.

I've found a weakness in the malware samples which would allow me to regenerate the private key! . Now it'd be possible to recover files without paying the crooks a penny (though it's not as easy as it sounds). I won't comment any further as I don't want to alert the cyber-crooks.

Comments

  1. AnonymousMarch 21, 2014 at 1:20 PM

    Hello, I am a security researcher as well and I think it's totally true. How do I get in touch with you?

    ReplyDelete

Post a Comment

Popular posts from this blog

CryptoDefense: Keys pair stored on disk!

This little detail slipped through their fingers... TOO LATE! (I actually hid this post when I understood that it might alert the crooks. But SYMANTEC did!) This is the exact path where your keys are: Windows XP C:\Documents and Settings\<USERNAME>\Application Data\Microsoft\Crypto\RSA\S-1-5-2... Windows 7 X:\Users\<USERNAME>\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21... (X stands for your hard-disk letter, which is commonly C in most computers)   HEXCMP highlights in red the differences whereas identical bytes remain white. TCP/IP dumped data is identical to the key found on Disk.  The private key is encrypted via  DPAPI (Data Protection API). There are many RSA keys in that folder though, but you can still find them by sorting these files by date. If you don't remember the date you got infected, see your screenshot at the crook's webpage or search for the oldest HOW_DECRYPT.TXT file in your system. I'll update this blog...
3 comments
Read more

Wana Decryptor / WanaCrypt0r

Alright, guys. This is a tough one: However, there's no reason to claim it's impossible to decrypt victims data. These idiots always let something slip through their fingers. Their servers might be found and keys restored to their respective victims. Errors might be found in their code, their key encryption scheme may have some weakness, etc. Let's just let the experts find a way out. By the way, if you want to temporarily protect your PC from this malware, you may do this.
Post a Comment
Read more

Your files got encrypted by a RANSOMWARE!

On March 14, 2014 I got infected by a ransomware, a malicious program that encrypts your files upon infection and demands a payment in order to recover your files. This particular malware called CryptoDefense  creates the following files after it has encrypted all your videos, music and documents: " HOW_DECRYPT.TXT" , " HOW_DECRYPT.HTML" and " HOW_DECRYPT.URL" hence  the name of this blog.  Screenshot of files on Windows 7 The text in these files reads: All files including videos, photos and documents on your computer are encrypted by CryptoDefense Software. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.  The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet;  the server will destroy the key after a month. After that, nobody and never will be able to restore files. In order to decry...
3 comments
Read more