
Released: Decryptor for Cl0p ransomware’s Linux variant
2023-02-07 12:37

Flawed encryption logic used in Cl0p ransomware's Linux variant has allowed SentinelOne researchers to create and release a free decryptor.

"The [Cl0p] Windows variant encrypts the generated RC4 key responsible for the file encryption using the asymmetric algorithm RSA and a public key. In the Linux variant, the generated RC4 key is encrypted with a RC4 [hardcoded] 'master-key'," the researchers explained.
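Why the hardcoded symmetric master key makes recovery possible, shown as an added illustration (not SentinelOne's decryptor and not code taken from the malware): anyone who holds the binary holds the key that unwraps every per-file key. The master key value, key length and data layout below are constructed assumptions.

```python
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


# Constructed placeholder standing in for the key embedded in the binary.
MASTER_KEY = b"CONSTRUCTED-PLACEHOLDER-MASTER-KEY"


def wrap_key(file_key: bytes, master_key: bytes = MASTER_KEY) -> bytes:
    """Model of the flawed scheme: per-file key wrapped with a symmetric key."""
    return rc4(master_key, file_key)


def recover(ciphertext: bytes, wrapped_key: bytes, master_key: bytes) -> bytes:
    """Defender side: unwrap the per-file key, then decrypt the data."""
    file_key = rc4(master_key, wrapped_key)
    return rc4(file_key, ciphertext)


def demo() -> bool:
    plaintext = b"constructed sample data"
    file_key = os.urandom(32)  # assumed key length, for illustration only
    ciphertext = rc4(file_key, plaintext)
    wrapped = wrap_key(file_key)
    # No private key is needed: the embedded master key is enough.
    return recover(ciphertext, wrapped, MASTER_KEY) == plaintext


if __name__ == "__main__":
    print("recovered:", demo())
```

With RSA wrapping, as the quote describes for the Windows variant, the unwrap step would need a private key that is not shipped in the binary, so the same recovery does not work there.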

The Linux Cl0p variant is relatively new, and was first spotted by the researchers in late December 2022.

The differences between the Windows and Linux variants are many.

"Over the last twelve months or so we have continued to observe the increased targeting of multiple platforms by individual ransomware operators or variants," the researchers noted.

"While the Linux-flavored variation of Cl0p is, at this time, in its infancy, its development and the almost ubiquitous use of Linux in servers and cloud workloads suggests that defenders should expect to see more Linux-targeted ransomware campaigns going forward."


News URL

https://www.helpnetsecurity.com/2023/02/07/cl0p-ransomware-decryptor-linux/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2572 1587 67 4290