The ransomware extracted cryptocurrency from victims in exchange of gaining access to affected data
In a major effort to aid victims of the VCryptor Ransomware attack, Spanish telecommunications company Telefónica announced yesterday that its cybersecurity department has developed a tool to recover data encrypted by the VCryptor. The free decryptor tool was developed and launched under the “No more Ransomware” international initiative aimed at the prevention of ransomware.
According to ElevenPaths, Telefónica’s cybersecurity department, the VCryptor ransomware targeted the data of the victims which was then stored in a password-protected ZIP file. The new files showcasing the extension were generated to replace the original files. Then, the ransomware displayed a message to inform victims about their attack.
Victims were coerced to pay attackers a ransom using cryptocurrencies to regain access to their encrypted files. It was reported that Bitcoin was the most popular choice of payment for hackers. The victims could also be asked to infect their contacts in exchange for their data instead of paying.
Telefónica’s free tool takes advantage of a weak point found in the ransomware’s encryption password method. ElevenPaths stated that the weakness was in fact found in the pathogen’s own code. The ransomware does not use the usual model of different keys to decrypt and encrypt files.
The key, in this case, was present within the malware that was discovered and used by ElevenPaths to create the free tool.
The tool can be found on the website of No More Ransomware, an initiative by antivirus software companies such as McAfee, Europol, Politie and Kaspersky. The decrypter is available for free for victims of attacks, and can help to recover data locked up by ransomware. Telefónica’s cybersecurity division, ElevenPaths, was also involved in creating free tools to help decrypt the files affected by the PopCorn ransomware in the past.
The No More Ransomware initiative was the result of an alliance between McAfee, Europol, Politie and Kaspersky. It was created to provide a platform that offers malware solutions. Earlier this year, Interpol and the cybersecurity firm, Kaspersky, came together to declare May 12 as anti-ransomware day.
The day was intended to raise awareness and support the fight against ransomware attacks across the globe. “These cyberthreats are causing serious harm to people and organizations, which exacerbate an already dire situation in the physical world. Now is the time when we all must come together to stop them,” Interpol’s director of cybercrime, Craig Jones had said during the announcement.