Security News > 2023 > August > Free Key Group ransomware decryptor helps victims recover data
Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover their files for free.
" encrypts victim data using the AES algorithm in Cipher Block Chaining mode with a given static password," explains EclecticIQ. "The password is derived from a key using the Password-Based Key Derivation Function 2 with a fixed salt," the researchers add.
Key Group is a Russian-speaking threat actor that sprung into action in early 2023, attacking various organizations, stealing data from compromised systems, and then using private Telegram channels to negotiate ransom payments.
Russian threat intelligence firm BI.ZONE has previously reported that Key Group based its ransomware on the Chaos 4.0 builder, while EclecticIQ has seen the group selling on Russian-speaking darknet markets stolen data and SIM cards, as well as sharing doxing data and remote access to IP cameras.
The Key Group ransomware decryptor is a Python script.
Free Akira ransomware decryptor helps recover your files.