News Security

Kaspersky Issues Decryption Tool for Polyglot Ransomware Victims

Users that have suffered from Polyglot ransomware, also known as MarsJoke, can now restore their files thanks to the decryption tool developed by Kaspersky Lab experts

The Polyglot Trojan has been propagating via spam emails containing a malicious attachment packed in a RAR-archive. During the encryption process, the Trojan does not change the names of the files on an infected machine but it instead blocks access to them. After the encryption is completed, the desktop wallpaper on a victim’s screen is replaced with the ransom demand. Fraudsters request their ransom in bitcoins and, if the payment does not happen in time, the Trojan will delete itself from the infected device leaving all files encrypted.

This new ransomware looks similar to the infamous CTB-Locker ransomware, however after proper analysis, Kaspersky Lab experts haven’t found any similarities between their malware codes. The Polyglot ransomware mimics CTB-Locker in nearly every way. It has an almost identical graphics interface, a similar sequence of actions are required to obtain the decryption key, and the payment page, desktop Wallpaper etc. all look the same. The creators of Polyglot apparently thought that by mimicking CTB-Locker they could trick users, and make them think they are suffering from serious malware, leaving them with no option other than to pay the criminals.

Kaspersky Lab experts have carefully examined the Polyglot encryption mechanism and found that unlike CTB-Locker it uses a weak encryption key generator. A brute-force search through the whole set of possible Polyglot decryption key variants can be performed in less than a minute on a standard PC. Discovering this weakness has allowed Kaspersky Lab experts to develop a tool that can help to unlock user data.

“This case teaches us to never give up: ransomware has become a serious problem for all users, but sometimes a solution can be found. In this case the malware authors made an implementation mistake, making it possible to break the encryption. However, users should not rely only on luck when it comes to ransomware. This case is the exception rather than the rule, therefore we recommend all users to protect their devices proactively by using a reliable security solution and making sure all anti-encryption technologies are switched on,” says Anton Ivanov, Senior Malware Analyst at Kaspersky Lab.

Related posts

Eventus Security Named to MSSP Alert’s 2024 Global List of Top 250 MSSPs

enterpriseitworld

Five Tattva Partners with senhasegura to Deliver Advanced Privileged Access Management Solutions across India and Beyond

enterpriseitworld

Nxtra by Airtel becomes first data centre in India to deploy AI for enhanced operational excellence

enterpriseitworld
x