The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn't pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack.
The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. Last week, BleepingComputer first reported that the Ragnar Locker ransomware gang threatened to automatically publish a victim's stolen data if they contacted law enforcement or negotiation firms.
The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Despite having TLS support as its primary aim, OpenSSL also lets you access the lower-level functions on which TLS itself depends, so you can use the libcrypto part of OpenSSL to do standalone encryption, compute file hashes, verify digital signatures and even do arithmetic with numbers that are thousands of digits long.
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El Cometa group. When ransomware operations encrypt files, they usually generate encryption keys on a victim's device and encrypt those keys with a master encryption key.
A key that can be used to decrypt files encrypted by the REvil ransomware delivered as part of the Kaseya attack has been made public. According to threat intelligence company Flashpoint, an individual using the online moniker "Ekranoplan" recently claimed on a hacker forum that they had obtained a decryption key for the REvil ransomware.
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.
The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com. This file claimed to be the "Decryption Keys Ransomware Avaddon," and contained the three files shown below.
Accedian announced that its cloud-native performance monitoring and analytics platform, Skylight, will include new decryption technology to ensure end-to-end visibility on encrypted network traffic. The technology supports all Transport Layer Security versions, including TLS 1.3, allowing customers to maintain the privacy and security of encryption while still gaining valuable insight into network traffic for performance monitoring and threat detection.
The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. On Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon Ransomware on his GitHub page and released a report describing the flaw through ArXiv.
The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. Over the weekend, security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.