Tag Archive for: developed

Black Basta ransomware decryptor developed, then defeated


A new decryptor has been developed for Black Basta ransomware by security researchers. The program exploits a vulnerability in the encryption algorithm to decrypt files previously stolen by the cybercriminal gang. 

However, the decryptor, built by Security Research Labs (SRLabs), only allows for the recovery of data from between November 2022 and this month, as Black Basta appears to have now patched the flaw in its malware, BleepingComputer reports.

The decryptor exploits a flaw in the way large files were encrypted by Black Basta between November 2022 and January 2024. (Photo by Elena Abrazhevich / Shutterstock)

Only certain files can be recovered in that timeframe, too, said SRLabs. These include files with plaintext of 64 encrypted bytes and between 5,000 bytes and 1GB in size. “For files larger than 1GB, the first 5000 bytes will be lost but the remainder can be recovered,” wrote SRLabs researchers on the firm’s GitHub repository. The decryptor itself, dubbed “Black Basta Buster,” has now been released by the company.

It works by exploiting a weakness in Black Basta’s encryption algorithm, which creates a 64-byte keystream. When that keystream was used to encrypt a file where the bytes are only zeroes, the XOR key itself was written to the file in question, allowing SRLabs researchers to decrypt it. Consequently, files containing large numbers of “zero-byte” sections, like virtualised disk images, are easier to recover, said the team. However, CISOs should be aware that an additional shell script is required to recover more than one file at a time.
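The recovery idea described above, as an added example (not SRLabs’ Black Basta Buster and not code from the article): because any byte XORed with zero is unchanged, a zero-filled plaintext block leaves the keystream itself in the ciphertext, where it shows up as a repeating 64-byte block. The sketch assumes a simplified model in which the whole file is XORed with one repeating 64-byte keystream; the function names and the sample image are constructed for illustration.

```python
import hashlib
from collections import Counter
from typing import List, Optional, Tuple

BLOCK = 64  # keystream length given in the article

# Constructed demo keystream (assumption: any fixed 64-byte value will do).
DEMO_KEYSTREAM = hashlib.sha512(b"constructed demo keystream").digest()

def xor_repeat(data: bytes, keystream: bytes) -> bytes:
    """XOR data with a repeating keystream (the simplified cipher model)."""
    return bytes(b ^ keystream[i % len(keystream)] for i, b in enumerate(data))

def candidate_keystreams(ct: bytes, min_repeats: int = 4) -> List[Tuple[bytes, int]]:
    """Aligned 64-byte ciphertext blocks that repeat, most frequent first.

    A zero-filled plaintext block encrypts to the keystream itself, so a long
    zero run yields many identical blocks. All-zero ciphertext blocks are
    skipped: they would be a no-op key.
    """
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct) - BLOCK + 1, BLOCK)]
    counts = Counter(blocks)
    return [(b, n) for b, n in counts.most_common() if n >= min_repeats and any(b)]

def recover(ct: bytes, min_repeats: int = 4) -> Optional[bytes]:
    """Decrypt with the most frequent repeating block, or None if none exists.

    Caveat: a repeated non-zero fill pattern would also produce repeating
    blocks, so the output should be validated (e.g. against file magic bytes).
    """
    cands = candidate_keystreams(ct, min_repeats)
    if not cands:
        return None  # no zero-filled region, so the keystream is not exposed
    return xor_repeat(ct, cands[0][0])

def demo_image() -> bytes:
    """Constructed stand-in for a disk image: header, zero run, content."""
    content = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    header = b"DEMOIMG\x00" + content[:56]       # one 64-byte header block
    return header + bytes(BLOCK * 32) + content  # 32 zero blocks in the middle

if __name__ == "__main__":
    image = demo_image()
    encrypted = xor_repeat(image, DEMO_KEYSTREAM)
    print("recovered:", recover(encrypted) == image)
    print("no zero run:", recover(xor_repeat(image[-512:], DEMO_KEYSTREAM)))
```

The second call shows the failure mode the article notes: data without zero-byte sections exposes no keystream, so nothing is recovered.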

Black Basta’s crime spree

Digital forensics and incident response companies have known about this quirk in Black Basta’s malware for months, BleepingComputer says, allowing clients to recover their data without having to pay ransoms. SRLabs’ ransomware decryptor is one of several such tools that were released toward the close of 2023. These included programs to recover data from Key Group ransomware, BlackCat and LockBit.

In addition to patching SRLabs’ decryptor, Black Basta had much to celebrate over the holidays….


360 CEO Zhou Hongyi: Safety Technologies Developed at Hozon Auto Will Be Extended to the Whole Industry


The 2021 World Intelligent Connected Vehicles Conference was held in Beijing on Saturday, the world’s largest professional exhibition on intelligent networked and new energy vehicles, with many first-class enterprises participating both from within China and from abroad.

Zhou Hongyi, founder and CEO of the internet security company Qihoo 360 Technology, said at the conference that mature safety technologies developed at Hozon Auto will be extended to the whole industry in the future.

On Saturday evening, Zhou wrote on Weibo, saying that “Qihoo 360 Technology is not only a promoter of smart car safety technology, but also a participant. This year, Qihoo 360 Technology invested in Hozon Auto, hoping to recombine our Internet technologies with automobile manufacturers. We hope to develop Hozon Auto as a test field for smart car safety technology, and will extend the mature technology researched at Hozon Auto to other automobile companies in the future.”

In May this year, Qihoo 360 Technology announced its cooperation with Hozon Auto to build their own smart vehicles. In July, Zhou said in an interview, “Smart electric vehicles can be built below 150,000 yuan ($23,196), and cars below this price account for about 70% of the total sales of all models in China. If this market is not fully developed, it means that smart electric vehicles will always be niche products.”


According to its official website, Qihoo 360 Technology Co., Ltd. was founded in 2005 and is headquartered in Beijing. It is the largest provider of Internet and mobile security products and services in China. The company listed on the New York Stock Exchange in 2011.


US Has Some Of The Most Expensive Mobile Data Prices In The Developed World

While the U.S. wireless industry likes to talk a lot about how ultra-competitive it is, that’s generally not the case. While there’s more competition in wireless than in the fixed-line broadband sector (where there’s virtually no competition at faster speeds due to upgrade-phobic telcos and cable’s growing broadband monopoly), much of the competition in wireless tends to be theatrical in nature. Most of the major four carriers still usually outright refuse to compete on price, something you don’t get to have a choice about in a truly competitive market.

While T-Mobile’s disruption of the market (which has its limits) has certainly helped improve some of the worst aspects of US wireless (like long term contracts and international roaming price gouging), Americans have long paid more money for mobile data than most of the developed world. A new report out of Finland by Rewheel has once again driven that point home. According to the firm’s latest data, U.S. consumers pay the fifth-highest rate on average per gigabyte for smartphone plans across OECD and European countries, and the highest prices on average for mobile data services provided via things like mobile hotspots.

All told, U.S. smartphone plans are more than four times higher than in most EU countries, and up to sixteen times higher across much of Europe:

The study comes on the heels of another important study showing that streaming video quality over U.S. networks is some of the worst quality in the developed world — in large part because carriers have begun erecting artificial barriers consumers then have to pay even more to overcome. For example, Verizon now throttles all video by default on its unlimited data plans to 480p (or around 1.5 Mbps), requiring you jump to a more expensive tier if you want streaming to actually work like the originator intended.

The new Rewheel study was quick to point out that whereas the US market should see more serious price competition due to having four major carriers, that’s not the case. US pricing tends to more directly compare to countries where there’s just three major wireless competitors and real price competition is somewhat suppressed. And while the study doesn’t explain why, we’ve noted repeatedly how much of this is thanks to the monopoly companies like AT&T, Verizon, and CenturyLink enjoy over the business data services (BDS) market that feeds everything from ATMs to cell towers.

In other words, even if you’re a scrappy competitor like T-Mobile that somehow manages to beat back the giants at spectrum auction and in DC lobbying, you’ll still need to pay them significant sums just to connect your towers to core networks, tightening your margins and driving up your costs. The FCC’s own data has indicated that roughly 79% of the BDS market is dominated by just one company, usually AT&T, Verizon, or CenturyLink.

Meanwhile, having regulators like Ajit Pai who are now no more than giant rubber stamps for industry interests means none of these underlying problems are going to be fixed any time soon. In fact, Ajit Pai’s “solution” to this problem was to literally redefine the word competition at the FCC to try and hide that the problem exists at all. With that kind of leadership, it shouldn’t be too surprising why US consumer mobile bills are so high compared to their European counterparts.

And researchers at Rewheel were quick to hint that it’s going to get worse with the looming merger between T-Mobile and Sprint, which actually will reduce the sector to three competitors, proportionally reducing any genuine incentive to actually compete on price. The firm was quick to pour a little cold water on the idea that merger mania and fifth generation (5G) upgrades will somehow fix the sector’s deep-rooted issues:

“Judging from the excessive gigabyte prices, US operators are charging today for 4G mobile broadband (see Verizon’s striking $ 710 100 gigabyte hotspot plan–in Europe 100 gigabyte mobile broadband typically costs between €10 and €20) merger promises concerning affordable 5G home broadband should be critically reviewed and if verified must be made binding.”

And this is all before you get to the real cost impact of killing things like the FCC’s broadband privacy rules, net neutrality, and other consumer protections, which were some of the only things standing between US carriers and even more aggressive, creative nickel-and-diming of American consumers. Should ISPs and the FCC win the court challenge to the net neutrality repeal next Spring, you can expect a hell of a lot more “creative” efforts to jack up US consumer bills even higher.


Techdirt.