Cyber security news for all

More

    Researchers have reversed L4NC34 Ransomware Encryption Routine

    The encryption routine performed by L4NC34 ransomware has been reversed by security researchers. This was done by decrypting a file with no payment made as ransom. The L4NC34 ransomware was first discovered by sucuri security when there was an inquiry into attack where a malicious actor encrypted all website files and added “crypt” to all file names.

    MALICIOUS PHP FILES

    When the security firm investigated more and something unusual was detected, a ransom note was stored in a PHP file instead of the usual HTML or .txt file. They realized that this malicious PHP file was base64 encoded and they went further to react by decoding the file. With this effort, they were able to uncover parts of code that were responsible for showing the ransom note  and also finishing decryption after retrieving a password

    The revelation by this latter snippet shows that L4NC34 hasn’t “encrypted” the organization’s data of the victim but had just employed the “gzdeflate” function to modify the data. They did follow up the threat by altering the edited files’ names

    Sucuri used the knowledge acquired to know that the decryption process can be run via the browser or the terminal and retrieve a file successfully without the victim having to pay a ransom fee of $10. At the time of this discovery, it was found out that no victim had transferred money to the Bitcoin account provided by L4NC34 for the ransom payment.

    Although the LANC34’S encryption routine was easily reversed by the researchers same can’t be said of other ransomware families. This goes further to buttress why companies should take their security against a crypto malware attack very seriously. One of the great avenues of nipping attacks like this in the bud is avoiding having a ransom infection of any kind in the first place.

     

     

     

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox