Skip to main content

Software Utilities and Assistance

We have been requested many times to provide download links to all the tools we have used (and developed) to reverse the encryption schemes of some ransomware. These tools include Network Sniffers, TCP/IP Traffic Dumpers, Hex Editors, Debuggers and so on.

For those of you who like to get hands down to work, we'll gladly provide you with them. If you are not a computer geek and just need assistance, send us an E-mail and we'll try to fix your problem.

Bear in mind that we get many requests per day, so you must be patient!

Sincerely,
the HD team.

Comments

Post a Comment

Popular posts from this blog

Wana Decryptor / WanaCrypt0r

Alright, guys. This is a tough one: However, there's no reason to claim it's impossible to decrypt victims data. These idiots always let something slip through their fingers. Their servers might be found and keys restored to their respective victims. Errors might be found in their code, their key encryption scheme may have some weakness, etc. Let's just let the experts find a way out. By the way, if you want to temporarily protect your PC from this malware, you may do this.
Post a Comment
Read more

Good News (part 2)

Hey guys! After some -lot of- research and reverse-engineering, I decided to create a video which explains how to recover the private keys via a sniffer. Mind you, in some countries (United States and the United Kingdom and some countries in the European Union), ISPs are requested by law to retain data for over a year or so. Therefore, the authorities are able to retrieve the information (metadata) you sent and received anytime, including the day you got infected. It isn't hard for them to do, but that of course implies a long judicial process. Instead of paying the crooks, try to get in touch with the police and point out the existence of this law. I am also working on a program to to brute-force the key based on  parameters found inside the victim's computer  which I won't disclose right now. It appears that although the 2048 bits is certainly strong, they used a weak seeding which is quite simple and a brute-force attack can be performed within an manageable...
10 comments
Read more

CryptoDefense: Keys pair stored on disk!

This little detail slipped through their fingers... TOO LATE! (I actually hid this post when I understood that it might alert the crooks. But SYMANTEC did!) This is the exact path where your keys are: Windows XP C:\Documents and Settings\<USERNAME>\Application Data\Microsoft\Crypto\RSA\S-1-5-2... Windows 7 X:\Users\<USERNAME>\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21... (X stands for your hard-disk letter, which is commonly C in most computers)   HEXCMP highlights in red the differences whereas identical bytes remain white. TCP/IP dumped data is identical to the key found on Disk.  The private key is encrypted via  DPAPI (Data Protection API). There are many RSA keys in that folder though, but you can still find them by sorting these files by date. If you don't remember the date you got infected, see your screenshot at the crook's webpage or search for the oldest HOW_DECRYPT.TXT file in your system. I'll update this blog...
3 comments
Read more