Ransomware Decrypters Available
Thursday, August 25, 2016 @ 05:08 PM gHale
There are two decrypters available that can unlock files encrypted by the WildFire ransomware.
The decrypters are available for download via the NoMoreRansom website.
The website is a collaboration between Intel McAfee and Kaspersky Lab, which created the decrypters, the Dutch police, and Europol's European Cybercrime Centre (EC3).
WildFire is ransomware first spotted in mid-April under the name GNL and then Zyklon. It rebranded at the end of May, taking the WildFire name, which it still uses.
During June, and later July, WildFire developers started a series of massive spam floods to distribute their ransomware, mostly targeting users living in the Netherlands.
WildFire ransomware campaigns continued in August.
At the time researchers first discovered it, the ransomware wasn’t decryptable because it featured a solid encryption scheme.
Researchers, though, learned the bad guys behind WildFire decided to register custom Dutch domains and host servers in the Netherlands.
Even though WildFire is a local threat, it still shows that ransomware is effective and evolving, said Kaspersky’s Jornt van der Wiel in a blog post.
Kaspersky’s van der Wiel offered users the following advice:
• Be very suspicious when opening e-mails
• Don’t enable Word macros
• Always keep your software up-to-date
• Turn on Windows file extensions
• Create offline backups (or online backups with unlimited revisions)
• Turn on the behavioral analyzer of your AV
After police confiscated the attackers’ servers and gained access to the ransomware’s decryption keys, researchers created two free WildFire decrypters. Further, because they had access to the C&C server statistics, security researchers concluded that during the last 31 days, WildFire infected 5,309 computers, with 236 users paying the ransom. WildFire authors made 136 Bitcoin ($79,000), van der Wiel said.