Cyber security news for all

More

    Researchers have reversed L4NC34 Ransomware Encryption Routine

    The encryption routine performed by L4NC34 ransomware has been reversed by security researchers. This was done by decrypting a file with no payment made as ransom. The L4NC34 ransomware was first discovered by sucuri security when there was an inquiry into attack where a malicious actor encrypted all website files and added “crypt” to all file names.

    MALICIOUS PHP FILES

    When the security firm investigated more and something unusual was detected, a ransom note was stored in a PHP file instead of the usual HTML or .txt file. They realized that this malicious PHP file was base64 encoded and they went further to react by decoding the file. With this effort, they were able to uncover parts of code that were responsible for showing the ransom note  and also finishing decryption after retrieving a password

    The revelation by this latter snippet shows that L4NC34 hasn’t “encrypted” the organization’s data of the victim but had just employed the “gzdeflate” function to modify the data. They did follow up the threat by altering the edited files’ names

    Sucuri used the knowledge acquired to know that the decryption process can be run via the browser or the terminal and retrieve a file successfully without the victim having to pay a ransom fee of $10. At the time of this discovery, it was found out that no victim had transferred money to the Bitcoin account provided by L4NC34 for the ransom payment.

    Although the LANC34’S encryption routine was easily reversed by the researchers same can’t be said of other ransomware families. This goes further to buttress why companies should take their security against a crypto malware attack very seriously. One of the great avenues of nipping attacks like this in the bud is avoiding having a ransom infection of any kind in the first place.

     

     

     

    Recent Articles

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox

    [tdn_block_newsletter_subscribe input_placeholder="Email address" btn_text="Subscribe" tds_newsletter2-image="730" tds_newsletter2-image_bg_color="#c3ecff" tds_newsletter3-input_bar_display="" tds_newsletter4-image="731" tds_newsletter4-image_bg_color="#fffbcf" tds_newsletter4-btn_bg_color="#f3b700" tds_newsletter4-check_accent="#f3b700" tds_newsletter5-tdicon="tdc-font-fa tdc-font-fa-envelope-o" tds_newsletter5-btn_bg_color="#000000" tds_newsletter5-btn_bg_color_hover="#4db2ec" tds_newsletter5-check_accent="#000000" tds_newsletter6-input_bar_display="row" tds_newsletter6-btn_bg_color="#da1414" tds_newsletter6-check_accent="#da1414" tds_newsletter7-image="732" tds_newsletter7-btn_bg_color="#1c69ad" tds_newsletter7-check_accent="#1c69ad" tds_newsletter7-f_title_font_size="20" tds_newsletter7-f_title_font_line_height="28px" tds_newsletter8-input_bar_display="row" tds_newsletter8-btn_bg_color="#00649e" tds_newsletter8-btn_bg_color_hover="#21709e" tds_newsletter8-check_accent="#00649e" embedded_form_code="YWN0aW9uJTNEJTIybGlzdC1tYW5hZ2UuY29tJTJGc3Vic2NyaWJlJTIy" tds_newsletter="tds_newsletter1" tds_newsletter3-all_border_width="2" tds_newsletter3-all_border_color="#e6e6e6" tdc_css="eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjAiLCJib3JkZXItY29sb3IiOiIjZTZlNmU2IiwiZGlzcGxheSI6IiJ9fQ==" tds_newsletter1-btn_bg_color="#0d42a2" tds_newsletter1-f_btn_font_family="406" tds_newsletter1-f_btn_font_transform="uppercase" tds_newsletter1-f_btn_font_weight="800" tds_newsletter1-f_btn_font_spacing="1" tds_newsletter1-f_input_font_line_height="eyJhbGwiOiIzIiwicG9ydHJhaXQiOiIyLjYiLCJsYW5kc2NhcGUiOiIyLjgifQ==" tds_newsletter1-f_input_font_family="406" tds_newsletter1-f_input_font_size="eyJhbGwiOiIxMyIsImxhbmRzY2FwZSI6IjEyIiwicG9ydHJhaXQiOiIxMSIsInBob25lIjoiMTMifQ==" tds_newsletter1-input_bg_color="#fcfcfc" tds_newsletter1-input_border_size="0" tds_newsletter1-f_btn_font_size="eyJsYW5kc2NhcGUiOiIxMiIsInBvcnRyYWl0IjoiMTEiLCJhbGwiOiIxMyJ9" content_align_horizontal="content-horiz-center"]