Cyber security news for all


    Researchers have reversed L4NC34 Ransomware Encryption Routine

    The encryption routine performed by L4NC34 ransomware has been reversed by security researchers, who decrypted a file without any ransom being paid. The L4NC34 ransomware was first discovered by Sucuri Security during an inquiry into an attack in which a malicious actor encrypted all website files and added “crypt” to all file names.

    MALICIOUS PHP FILES

    When the security firm investigated further, it detected something unusual: the ransom note was stored in a PHP file instead of the usual HTML or .txt file. The researchers realized that this malicious PHP file was base64 encoded and went on to decode it. With this effort, they were able to uncover the parts of the code responsible for showing the ransom note and for finishing decryption after retrieving a password.

    The latter snippet revealed that L4NC34 hadn’t really “encrypted” the victim organization’s data but had just employed the “gzdeflate” function to modify it. The attackers followed up by altering the names of the modified files.

    Using this knowledge, Sucuri established that the decryption process can be run via the browser or the terminal, and retrieved a file successfully without the victim having to pay the ransom fee of $10. At the time of this discovery, no victim had transferred money to the Bitcoin account provided by L4NC34 for the ransom payment.
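    The recovery idea described above, as an added example that is not Sucuri's code or code from the original article: Python's zlib in raw-DEFLATE mode stands in for PHP's gzinflate(), the inverse of gzdeflate(). The ".crypt" suffix, the function names and the sample files are assumptions made for this illustration.

```python
import tempfile
import zlib
from pathlib import Path

MAX_OUT = 64 * 1024 * 1024  # cap on inflated size (decompression-bomb guard)
SUFFIX = ".crypt"  # assumption: the article only says "crypt" was added to names


def inflate_raw(blob, limit=MAX_OUT):
    """Return inflated bytes if blob is one complete raw DEFLATE stream, else None."""
    d = zlib.decompressobj(wbits=-15)  # raw DEFLATE, the format PHP's gzdeflate() emits
    try:
        out = d.decompress(blob, limit)
    except zlib.error:
        return None  # not DEFLATE: untouched file or genuine encryption
    # Reject truncated streams, trailing bytes and output that hit the size cap.
    if not d.eof or d.unused_data or d.unconsumed_tail:
        return None
    return out


def recover_tree(src_root, dst_root):
    """Write inflated copies under dst_root; the affected originals are not modified."""
    restored, skipped = [], []
    for src in sorted(Path(src_root).rglob("*" + SUFFIX)):
        rel = src.relative_to(src_root)
        usable = src.is_file() and src.name != SUFFIX
        data = inflate_raw(src.read_bytes()) if usable else None
        if data is None:
            skipped.append(str(rel))
            continue
        dst = Path(dst_root) / rel.with_name(rel.name[: -len(SUFFIX)])
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes(data)
        restored.append(str(rel))
    return restored, skipped


def demo():
    """Constructed sample tree: one deflated PHP file and one file that is not DEFLATE."""
    page = b"<?php echo 'hello'; ?>\n"
    c = zlib.compressobj(wbits=-15)
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        Path(src, "index.php.crypt").write_bytes(c.compress(page) + c.flush())
        Path(src, "blob.bin.crypt").write_bytes(b"\xff" * 32)
        restored, skipped = recover_tree(src, dst)
        return restored, skipped, Path(dst, "index.php").read_bytes() == page
```

    Files that end up in the skipped list did not inflate cleanly and need separate analysis; writing to a separate destination keeps the affected tree intact as evidence.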

    Although L4NC34’s encryption routine was easily reversed by the researchers, the same can’t be said of other ransomware families. This underlines why companies should take their security against crypto-malware attacks very seriously. One of the best ways of nipping attacks like this in the bud is to avoid a ransomware infection of any kind in the first place.
