Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer, Dark Reading
Good news for ransomware victims: Researchers have released a free tool on GitHub that they say can help victims of intermittent encryption attacks recover data from some types of partially encrypted files — without having to pay a ransom for the decryption key.
Intermittent encryption is an approach where a ransomware operator only partially encrypts targeted files—instead of the entire file—to speed up encryption, impact more files, and make detection harder. In recent months, several ransomware groups, including BlackCat and Play, have used the approach in attacks on hundreds of organizations worldwide. The victims of these attacks have included hospitals, banks, and universities.
Fortunately for such victims, data in some types of partially encrypted files can be decrypted given the right circumstances, security vendor CyberArk said in a report this week. That’s because many file formats, including PDF and the formats that Microsoft Office adheres to, contain certain common parameters, which, even if encrypted, can be reconstructed relatively easily in a way that makes data recovery possible.
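As an added illustration (not code from the article or from CyberArk's tool), the Python sketch below maps which fixed-size blocks of a partially encrypted file look like ciphertext by measuring per-block byte entropy, a common first triage step before attempting recovery. The 4,096-byte block size, the 7.5 bits-per-byte threshold, the function names, and the sample buffer are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumption, not from the article)

def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: 0.0 (constant data) to 8.0 (uniform bytes)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def high_entropy_runs(data: bytes, block: int = BLOCK, threshold: float = 7.5):
    """Return merged (offset, length) runs of blocks at or above the threshold."""
    runs = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        if shannon_entropy(chunk) < threshold:
            continue  # block still looks like intact, structured data
        if runs and runs[-1][0] + runs[-1][1] == off:
            runs[-1] = (runs[-1][0], runs[-1][1] + len(chunk))  # extend run
        else:
            runs.append((off, len(chunk)))
    return runs

def keystream_like(n: int, seed: bytes) -> bytes:
    """Deterministic pseudo-random filler standing in for ciphertext."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def build_sample() -> bytes:
    """Constructed sample: 8 blocks of log text, blocks 0, 3 and 6 overwritten."""
    lines = b"".join(b"2024-01-01 INFO heartbeat ok id=%06d\n" % i
                     for i in range(2000))
    buf = bytearray(lines[:8 * BLOCK])
    for idx in (0, 3, 6):
        buf[idx * BLOCK:(idx + 1) * BLOCK] = keystream_like(BLOCK, b"blk%d" % idx)
    return bytes(buf)

if __name__ == "__main__":
    for off, length in high_entropy_runs(build_sample()):
        print(f"offset {off:#08x} length {length}: high entropy, possibly encrypted")
```

Compressed content, such as PDF streams and the ZIP containers behind modern Office files, is also high-entropy, so a flagged block is only a candidate and needs to be checked against the format's expected structure.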
For instance, files often have a
“If partial encryption only wipes away the
As an example, Thompson points to an original file that might have a
Original Post URL: https://www.darkreading.com/attacks-breaches/free-tool-unlocks-some-encrypted-data-in-ransomware-attacks