Search results for Decryption | Breaking Cybersecurity News | The Hacker News

Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75...

Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hackers can’t remotely access their contents. But you need to think again before calling them ' Safe .' A team of security researchers from Tel Aviv University and Technion have discovered a new method to steal sensitive data from a target air-gapped computer located in another room. The team is the same group of researchers who had experimented a number of different methods to extract data from a computer. Last year, the team demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread. In 2014, the team devised a special digitizer wristband that had the ability to extract the cryptographic key used to secu...

Are you one of those Windows users who have found themselves as victims of the CoinVault Ransomware ? If Yes, then we have a Good news for you: Victims of CoinVault ransomware can now decrypt their files encrypted by malware using a free tool released by Kaspersky Lab. With the Help of The National High Tech Crime Unit (NHTCU) of the Dutch Police, Security Researchers at Kaspersky Labs have developed ' CoinVault Ransomware Decryptor ' that decrypts files locked by ransomware like CoinVault. Ransomware malware is a growing cyber threat in which hackers primarily gain access to a user’s system and demand a ransom be paid. Ransomware malware infects a computer or device to restrict the user’s access to the infected computer. Typically, the ransomware malware will either 'lock' the computer to prevent normal usage or encrypt the files on it to prevent access. Recently, during an investigation of the CoinVault ransomware, the Dutch police we...

Over the last few years, we have seen several types of Ransomware malware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solution for some of the Ransomware like Cryptolocker (partial), Coinvault , Rescue Kit . One more solution has recently been released for decryption of newly emerging ransomware, dubbed as Hydracrypt and Umbrecrypt that are propagated through Angler Exploit Kit. Both of the malware belong to CrypBoss ransomware family. The source code of CrypBoss Ransomware was leaked last year on Pastebin, which was later analyzed by Fabian Wosar, a security researcher at Emsisoft. With the help of CrypBoss Source code, Wosar was successfully able to crack the encryption algorithm of the ransomware and quickly made the decryption tool for CrypBoss and its variants ( Hydracrypt and Umbrecrypt ). It is found that both Hydracrypt and Umbrec...

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. WannaCry Ransomware Decryption Keys The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system’s files respectively. To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to ...

No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla...

If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco's Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware to unlock their encrypted files for free without paying any ransom. The decryption tool works for everyone, but it has a huge limitation—to successfully recover your files, you must have captured the initial network traffic (PCAP file) between the PyLocky ransomware and its command-and-control (C2) server, which generally nobody purposely does. This is because the outbound connection—when the ransomware communicates with its C2 server and submit decryption key related information—contains a string that includes both Initialization Vector (IV) and a password, which the ransomware generates randomly to encrypt the file...

A long-running ransomware known as CryptoLocker is continuing to lock victims out of their files and demand payment to restore access. The malware targets computers running Microsoft Windows and has already affected users across multiple regions. CryptoLocker encrypts files on an infected system and displays a ransom message. Victims are told their data is locked and are given a deadline to pay. The demanded payment usually ranges from $100 to $700 or the equivalent of two bitcoins. If the deadline passes, victims are warned they may permanently lose access to their files. Researchers and security forums report that the group behind CryptoLocker has now launched a separate website offering a decryption service. The site allows victims to buy the private decryption key even after the malware itself has been removed from their system. According to reports, the ransomware installed on infected computers asks for two bitcoins, roughly $450 at current exchange rates. The new website...

Have you been infected with the insidious CoinVault or Bitcryptor ransomware? If so, there is some potentially good news for you. You may now recover your encrypted files for FREE! – Thanks to the efforts of Dutch police and antivirus maker Kaspersky Lab. Security researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained and published the last set of encryption keys from command-and-control (C&C) servers used by two related ransomware threats – CoinVault and Bitcryptor . Security researchers first observed CoinVault ransomware attacks in May 2014. Since then, CoinVault has made more than 1,500 victims in more than 108 countries. In April 2015, the Dutch police obtained ' Decryption keys ' database from a seized command and control server of CoinVault. Ransomware Decryption Tool Those decryption keys were then used by Kaspersky Lab to set up a Ransomware Decryptor Service , which included a set of around 750 decryp...

When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker . A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker is a simple rather a devastating piece of Ransomware that encrypts the files on a victim’s computer and issues an ultimatum - Pay up or lose your data. CryptoLocker is particularly designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. Cryptolocker hijacker sniffs out your personal files and wraps them with strong AES-256-bit encryption before it demands money. HOW TO DECRYPT CRYPTOLOCKER? FREE TOOL RELEASED Thanks to security experts, who created an online service where victims whose systems have been encrypted by the CryptoLocker ransomware can get the decryption keys for free. This o...

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya / NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded to the VirusTotal platform in February 2025. "HybridPetya encrypts the Master File Table , which contains important metadata about all the files on NTFS-formatted partitions," security researcher Martin Smolár said . "Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition." In other words, the deployed UEFI application is the central component that takes care of encrypting the Master File Table (MFT) file, which contains metadata related to all the files on the NTF...

If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in cryptocurrencies. Like all ransomware threats, Thanatos encrypts files and asks victims to pay for ransom in multiple cryptocurrencies, including Bitcoin Cash, to decrypt their files. "Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild," the researchers say.  "Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Inste...

So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers’ code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it’s not an April Fools’ joke! A malicious software program that holds the victims’ computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim’s computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp...

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called  Operation Cronos . "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised," the agency  said . It also announced the arrest of two LockBit actors in Poland and Ukraine. Over 200 cryptocurrency accounts linked to the group have been frozen. Indictments and sanctions have also been unsealed in the U.S. against two other Russian nationals who are alleged to have carried out LockBit attacks. Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord) have been accused of deploying LockBit against numerous victims throughout the U.S., including businesses nationw...

Ransomware has steadily evolved over the past decade, moving from isolated attacks on individual computers to wider campaigns that disrupt entire services. Families such as Cryptowall and Locky showed how quickly file-encrypting malware could spread across Windows systems. Researchers are now documenting a shift in that pattern. A variant of CTB-Locker has been adapted to target websites directly, encrypting server-side data and defacing pages to pressure site owners into paying a ransom. The strain, commonly referred to as CTB-Locker for Websites , does not target end-user PCs first. Instead, it hijacks web servers, locks website files, and demands payment in Bitcoin to restore access. FOR PROFESSIONALS CTB-Locker for Websites is an extension of the CTB-Locker ransomware family that traditionally targeted Windows systems. In this variant, attackers focus on web servers rather than individual desktops, encrypting site content and replacing the main index page with a ransom no...

Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5 million computers since it first emerged in January 2018. Created by BitDefender, the new GandCrab decryption tool [ download ] can now unlock files encrypted by the latest versions of the ransomware, from 5.0 to 5.2, as well as for the older GandCrab ransomware versions. As part of the " No More Ransom " Project, BitDefender works in partnership with the FBI, Europol, London Police, and several other law enforcement agencies across the globe to help ransomware affected users. The cybersecurity company in recent months released ransomware removal tools for some older GandCrab versions that helped nearly 30,000 victims recover their data for free,...

The Music Industry, Movie Studios and other companies who create media contents are always concerned with people getting access to their content without paying for it. Last year, On Request of Big Tech companies such as Microsoft, Google and Netflix, The World Wide Web Consortium (W3C) defined a new API (Application Programming Interface) called ' Encrypted Media Extensions (EME) ' in HTML5 to aid web-based video services in restricting the rights of users who utilize their services. Now the companies won't need to rely on third-party plugins like Flash and Silverlight to deliver copy-protected movies and TV shows to your browser. Instead, now they have same capabilities of Digital rights management (DRM)  right into the fabrics of the web. All other major modern web browsers, including Internet Explorer, Chrome, and Safari are supporting  Encrypted Media Extensions (EME)  within the web browser since last year, except Mozilla Firefox . Even after criticizing the use...