Cyber security news for all


    Researchers have reversed L4NC34 Ransomware Encryption Routine

    Security researchers have reversed the encryption routine used by L4NC34 ransomware, decrypting a file without paying the ransom. The L4NC34 ransomware was first discovered by Sucuri during an inquiry into an attack in which a malicious actor encrypted all website files and added “crypt” to all file names.

    MALICIOUS PHP FILES

    Investigating further, the security firm noticed something unusual: the ransom note was stored in a PHP file instead of the usual HTML or .txt file. They found that this malicious PHP file was base64-encoded and decoded it. Doing so uncovered the parts of the code responsible for showing the ransom note and for finishing decryption after retrieving a password.

    This latter snippet revealed that L4NC34 hadn’t “encrypted” the victim organization’s data at all but had just used the “gzdeflate” function to modify it. The attackers then altered the names of the modified files.

    With this knowledge, Sucuri determined that the decryption process can be run via the browser or the terminal, and retrieved a file successfully without the victim having to pay the $10 ransom fee. At the time of this discovery, no victim had transferred money to the Bitcoin account L4NC34 provided for the ransom payment.
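The recovery described above, sketched as an added example (not Sucuri's code and not taken from the malware): PHP's gzdeflate() emits a raw DEFLATE stream with no zlib or gzip header, so restoring a file means inflating it in headerless mode. It assumes each modified file holds exactly that stream and that "crypt" was appended as a ".crypt" suffix; the article does not specify either detail.

```python
import tempfile
import zlib
from pathlib import Path

MARKER = ".crypt"  # assumption: the article only says "crypt" was added to names


def inflate_raw(blob: bytes) -> bytes:
    """Invert PHP gzdeflate(): raw DEFLATE (RFC 1951), no zlib or gzip header."""
    d = zlib.decompressobj(-zlib.MAX_WBITS)  # negative wbits = headerless stream
    out = d.decompress(blob) + d.flush()
    if not d.eof or d.unused_data:
        raise ValueError("not one complete raw DEFLATE stream")
    return out


def restore_tree(root, marker=MARKER):
    """Write restored copies next to the modified files; originals are kept."""
    restored, skipped = [], []
    for src in sorted(Path(root).rglob("*" + marker)):
        dst = src.with_name(src.name[: -len(marker)])
        try:
            if dst.exists():
                raise ValueError("refusing to overwrite an existing file")
            data = inflate_raw(src.read_bytes())
        except (OSError, ValueError, zlib.error):
            skipped.append(src.name)  # left untouched for manual review
            continue
        dst.write_bytes(data)
        restored.append(dst.name)
    return restored, skipped


def demo():
    """Constructed sample tree: one deflated page and one decoy with the suffix."""
    page = b"<?php echo 'hello'; ?>\n"
    c = zlib.compressobj(6, zlib.DEFLATED, -zlib.MAX_WBITS)  # same format as gzdeflate()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php.crypt").write_bytes(c.compress(page) + c.flush())
        (root / "notes.txt.crypt").write_bytes(b"\xffnot deflate")  # invalid block type
        restored, skipped = restore_tree(root)
        return restored, skipped, (root / "index.php").read_bytes() == page


if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected web root; anything reported as skipped did not inflate cleanly and should be restored from backup instead.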

    Although the researchers easily reversed L4NC34’s encryption routine, the same can’t be said of other ransomware families. This underlines why companies should take their defenses against crypto-malware attacks very seriously. One of the best ways of nipping attacks like this in the bud is to avoid a ransomware infection of any kind in the first place.

     

     

     
