The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: decrypt ransomware

Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic

Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic
April 14, 2020Ravie Lakshmanan
As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience and empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers. The new research, published by Palo Alto Networks and shared with The Hacker News, confirmed that "the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis." While the security firm didn't name the latest victims, it said a Canadian government healthcare organization and a Canadian medical research university both suffered ransomware attacks, as criminal groups seek to exploit the crisis for financial gain. The attacks were detected between March 24 and March 26 and were initiated as part of the coronavirus-themed phishing campaigns that have become widespr

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users
August 31, 2017Swati Khandelwal
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang . Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware . Lukitus Campaign Sends 23 Million Emails in 24 Hours The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. According to the researchers, the emails sent out in the attack were "extremely vague," with subjects lines such as "please print," "documents," "images," "photos," "pictures," and "scans" in an attempt to convince victims into infecting themselves with Locky ransomware. The email comes with a ZIP attachment (hiding the malware payload) tha

WannaCry Ransomware That's Hitting World Right Now Uses NSA Windows Exploit

WannaCry Ransomware That's Hitting World Right Now Uses NSA Windows Exploit
May 12, 2017Swati Khandelwal
Update —  After reading this article, if you want to know, what has happened so far in past 4 days and how to protect your computers from WannaCry, read our latest article " WannaCry Ransomware: Everything You Need To Know Immediately . "  Earlier today, a massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date. The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor' or 'WCRY'). Like other nasty ransomware variants, WannaCry also blocks access to a computer or its files and demands money to unlock it. Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs render unusable, and their files remain locked. In separate ne

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom — 15 New Ransomware Decryption Tools Available for Free
April 05, 2017Mohit Kumar
No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla

This Ransomware Unlocks Your Files For Free If You Read CyberSecurity Articles

This Ransomware Unlocks Your Files For Free If You Read CyberSecurity Articles
January 05, 2017Wang Wei
Ransomware has been around for a few years, but in last two years, it has become one of the fastest growing threats to businesses and users across the world, so will be in 2017. Ransomware is a piece of malware that encrypts files on your computer with strong encryption algorithms and then demands a ransom money in Bitcoin to decrypt the data so you can regain access to your encrypted files. We have seen some nastier ransomware infections over the past couple of years. The most interesting one was Popcorn Time that decrypts victims files for free if they pass the infection on to other people. Now, a new strain of ransomware takes the infection to a whole new level of craziness. Dubbed Koolova , the ransomware will restore your encrypted files for free, just like Popcorn Time. The only difference between both the infections is that you don't have to infect others to get free decryption key. Instead, all you have to do is educate yourself about ransomware by reading two

How to Decrypt TeslaCrypt Ransomware Files Using Master Key

How to Decrypt TeslaCrypt Ransomware Files Using Master Key
May 19, 2016Mohit Kumar
Here's some good news for victims who are trying to unlock and remove TeslaCrypt ransomware. Now, you can decrypt all your important files that have been encrypted by TeslaCrypt ransomware. So, stop Googling about How to decrypt TeslaCrypt Ransomware encrypted files, as the malware authors themselves provided the solution to your problem. Since its launch in March last year, TeslaCrypt computer virus has been used in massive malvertising attacks. The ransomware, which often targets PC gamers, locks up files until a ransom is paid, usually $500 in Bitcoin. Infection generally comes through corrupted websites, malvertising or phishing emails. In a surprising move in the malware's story, the cybercriminals behind the nefarious TeslaCrypt ransomware have apparently shut down their operations and released a master key to the public that can unlock all encrypted files on PCs infected by the latest versions of TeslaCrypt. The icing on the cake is that the universal decryption

How to decrypt Petya Ransomware for Free

How to decrypt Petya Ransomware for Free
April 12, 2016Mohit Kumar
Ransomware has risen dramatically since last few years and is currently one of the most popular threats on the Internet. The Ransomware infections have become so sophisticated with the time that victims end up paying ransom in order to get their critical and sensitive data back. But if you are infected with Petya Ransomware , there is good news for you. You can unlock your infected computer without paying the hefty ransom. Thanks to the Petya author who left a bug in the Ransomware code. What is Petya Ransomware? Petya is a nasty piece of ransomware that emerged two weeks ago and worked very differently from any other ransomware. The ransomware targets the victims by rebooting their Windows computers, encrypting the hard drive's master boot file, and rendering the master boot record inoperable. Also Read:  How to Decrypt CoinVault and Bitcryptor Ransomware A master boot record (MBR) is the information in the first sector of any hard disk that ide

EPIC Fail — For the Third Time, Linux Ransomware CRACKED!

EPIC Fail — For the Third Time, Linux Ransomware CRACKED!
January 07, 2016Mohit Kumar
Ransomware is now a common practice for money-motivated cyber criminals. It's basically a type of software written in any system-based programming language that has the ability to hijack victim's computer, encrypts files and then ask for a ransom amount to get them back. One such ransomware dubbed Linux.Encoder targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asks for 1 Bitcoin ( $453.99 ) to decrypt those crucial files. But, the good news is it is very easy to get rid of it. The Malware author released the third version of the Linux.Encoder ransomware, which security researchers from Bitdefender have managed to crack, yet again, after breaking previous two versions. However, before the team managed to release the Linux.Encoder decryption tool, the third iteration of Linux.Encoder ransomware, which was first discovered by antivirus maker Dr.Web, has infected a nearly 600 servers w

Free Ransomware Decryption Tool — CoinVault and Bitcryptor

Free Ransomware Decryption Tool — CoinVault and Bitcryptor
October 31, 2015Swati Khandelwal
Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor . Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries. In April 2015, the Dutch police obtained ' Decryption keys ' database from a seized command and control server of CoinVault. Ransomware Decryption Tool Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service , which included a set of around 750 decryp

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer
October 30, 2015Mohit Kumar
The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco

Script Kiddies can Now Create their Own Ransomware using This Kit

Script Kiddies can Now Create their Own Ransomware using This Kit
August 19, 2015Khyati Jain
Don't panic! You heard it right. A Turkish security researcher named Utku Sen has posted a fully functional Ransomware code on open source code sharing website GitHub . The Ransomware dubbed Hidden Tear , uses AES Encryption to lock down files before displaying a ransom message warning to get users to pay up. The currently undetectable version of ransomware can be modified and implemented accordingly, as it contains every feature a cybercriminal can expect from modern malware. Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people. The Hidden Tear — Free Ransomware Kit The " Hidden Tear " Ransomware package consists of four files namely: Hidden-Tear-Decrypter Hidden-Tear .gitignore README.md Hidden Tear Ransomware is capable of : Using AES algorithm to encrypt files Sendi

Free Ransomware Decryption and Malware Removal ToolKit

Free Ransomware Decryption and Malware Removal ToolKit
May 21, 2015Swati Khandelwal
A security researcher has compiled a ransomware removal and rescue kit to help victims deal with ransomware threats and unlock encrypted files without paying off a single penny to the cyber crooks. Ransomware is a growing threat to the evolution of cyber criminals techniques in an attempt to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it or in some cases both, to extort money from victims. Most often ransomware victims end up paying off crooks either due to the threat of losing their important files or in panic as the threat pretends to be from some government agency. Though IT professionals and security companies have been dealing and fighting back with the ransomware threats, security professional Jada Cyrus has compiled a " Ransomware Rescue Kit "  or "Ransomware Removal Kit"  and made it available for free online. Ransomware removal kit - Download

New Cryptowall 3.0 Ransomware Communicates over I2P Anonymous Network

New Cryptowall 3.0 Ransomware Communicates over I2P Anonymous Network
January 15, 2015Swati Khandelwal
We have seen a series of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware last year, we saw more subtle in design, including " Cryptolocker " that was taken down along with the " Gameover ZeuS " botnet last June. As a result, another improved ransomware packages have sprung up to replace it — CryptoWall . Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Since last year, criminals have generated an estimated US$1 million profits. Now, the infamous Cryptowall ransomware is back with the newest and improved version of the file-encrypting ransomware program, which has been spotted compromising victims by researchers early this week, security research

Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files
June 17, 2014Swati Khandelwal
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users' phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.