Tag Archive for: Emsisoft

Emsisoft Mobile Security vs Riskware



Luta Security and Emsisoft discuss how to fight ransomware at Disrupt – TechCrunch


Ransomware is an exponentially growing global threat. Here are just a few examples from 2022: Costa Rica declared a national emergency after a $20 million ransomware attack; ransomware caused one of the biggest U.S. health data breaches; and ransomware topped CSO’s list of nine hot cybersecurity trends.

To hammer the point home, 14 of the 16 critical infrastructure sectors in the U.S. experienced ransomware attacks during 2021, according to a February 2022 report from the Cybersecurity & Infrastructure Security Agency.

The urgent threat ransomware presents is why we’re excited to announce that Katie Moussouris, the founder and CEO at Luta Security, and Brett Callow, a threat analyst at Emsisoft, will join us onstage at TechCrunch Disrupt on October 18–20 in San Francisco.

In a conversation called “Winning the war on ransomware,” Moussouris and Callow will talk about why ransomware is escalating at such an alarming rate, define what “winning the war” looks like, and share what startup founders need to know — and what steps they can take — to protect their customers and their business.

A self-described computer hacker with more than 20 years of professional cybersecurity experience, Moussouris has a distinct perspective on security research, vulnerability disclosure, bug bounties and incident response. She serves in three advisory roles for the U.S. government as a member of the Cyber Safety Review Board, the Information Security and Privacy Advisory Board, and the Information Systems Technical Advisory Committee.

Moussouris worked with the U.S. Department of Defense where she led the launch of Hack the Pentagon, the government’s first bug bounty program. During her tenure with Microsoft, she worked on initiatives such as Microsoft’s bug bounty programs and Microsoft Vulnerability Research.

Moussouris serves as an advisor to the Center for Democracy and Technology, and she is also a cybersecurity fellow at New America and the National Security Institute.

A Vancouver Island–based threat analyst for cybersecurity company Emsisoft, Brett Callow lives life with an ear to the ground, monitoring emerging cyberthreat trends and…


AstraLocker ransomware decryptors released by Emsisoft


Threat actor released decryption keys after abandoning malware to focus on cryptojacking


Malware protection specialist Emsisoft has released free decryption tools for the AstraLocker and Yashma ransomware variants.

The decryptors were recently uploaded to the VirusTotal malware analysis platform by the ransomware’s developer after they reportedly shut down their operation in order to pivot to cryptojacking.

The AstraLocker decryptor and Yashma decryptor join a host of other decryptors made available for free by Emsisoft, a New Zealand-based outfit.

Using the decryptor

“Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files,” reads a guide (PDF) on how to use the AstraLocker tool.

For systems compromised via Windows Remote Desktop, users are advised to change passwords for all users permitted to log in remotely and check local user accounts for additional accounts the attacker might have added.


By default, the AstraLocker decryptor pre-populates locations selected for decryption from network and connected drives, but users can add other locations before initiating the decryption process.

The decryptor also defaults to leaving encrypted files in place, although users can enable automatic deletion if disk space is an issue.

“Since the ransomware does not save any information about the unencrypted files, the decryptor can’t guarantee that the decrypted data is identical to the one that was previously encrypted,” the guide warns.

BabyK offspring

AstraLocker, which emerged in 2021, is seemingly built on Babuk (or BabyK), a variant deployed via a ransomware-as-a-service (RaaS) model, according to a ReversingLabs analysis of the latter’s leaked source code.

Files are encrypted using a modified HC-128 encryption algorithm and Curve25519 cryptographic function, and or extensions are appended to encrypted files.

Yashma – or ‘AstraLocker 2.0’ – harnesses AES-128 and RSA-2048 to encrypt files and appends encrypted files with the extension or a random four-character alphanumeric combination.

According to ReversingLabs, AstraLocker 2.0…


Emsisoft Browser Security | Emsisoft Google Chrome Security Extension Test | 2022