Security News

FBI Had the REvil Decryption Key
2021-09-22 14:30

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn't pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack.

Ransomware gang threatens to wipe decryption key if negotiator hired
2021-09-15 18:22

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. Last week, BleepingComputer first reported that the Ragnar Locker ransomware gang threatened to automatically publish a victim's stolen data if they contacted law enforcement or negotiation firms.

Big bad decryption bug in OpenSSL – but no cause for alarm
2021-08-27 18:03

The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Despite having TLS support as its primary aim, OpenSSL also lets you access the lower-level functions on which TLS itself depends, so you can use the libcrypto part of OpenSSL to do standalone encryption, compute file hashes, verify digital signatures and even do arithmetic with numbers that are thousands of digits long.

SynAck ransomware releases decryption keys after El_Cometa rebrand
2021-08-13 15:20

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El Cometa group. When ransomware operations encrypt files, they usually generate encryption keys on a victim's device and encrypt those keys with a master encryption key.

Decryption Key for Ransomware Delivered via Kaseya Attack Made Public
2021-08-11 14:39

A key that can be used to decrypt files encrypted by the REvil ransomware delivered as part of the Kaseya attack has been made public. According to threat intelligence company Flashpoint, an individual using the online moniker "Ekranoplan" recently claimed on a hacker forum that they had obtained a decryption key for the REvil ransomware.

Kaseya's universal REvil decryption key leaked on a hacking forum
2021-08-11 06:01

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

Avaddon ransomware shuts down and releases decryption keys
2021-06-11 16:10

The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com. This file claimed to be the "Decryption Keys Ransomware Avaddon," and contained the three files shown below.

Accedian launches TLS 1.3 decryption capabilities for Skylight platform
2021-03-11 01:15

Accedian announced that its cloud-native performance monitoring and analytics platform, Skylight, will include new decryption technology to ensure end-to-end visibility on encrypted network traffic. The technology supports all Transport Layer Security versions, including TLS 1.3, allowing customers to maintain the privacy and security of encryption while still gaining valuable insight into network traffic for performance monitoring and threat detection.

Avaddon ransomware fixes flaw allowing free decryption
2021-02-11 23:30

The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. On Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon Ransomware on his GitHub page and released a report describing the flaw through ArXiv.

Ziggy ransomware shuts down and releases victims' decryption keys
2021-02-07 18:53

The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. Over the weekend, security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.