The cyber security company Emsisoft has been helping victims of BlackMatter ransomware by providing them with a decryption tool. This effort began this summer and has prevented the payment of millions of dollars to cybercriminals.
Emsisoft and its CTO, Fabian Wosar, have been helping ransomware victims recover their files since 2012, when ACCDFISA appeared as the first modern ransomware.
Since then, Wosar and other researchers have been trying to find errors in ransomware encryption algorithms so that they can create decryption tools for victims.
However, Emsisoft works secretly so that ransomware gangs do not realize the existence of errors in their algorithms. The security company does not make public announcements, but cooperates quietly with trusted law enforcement associates and assists victims.
Emsisoft has created a secret decryption tool for BlackMatter ransomware
Shortly after the launch of the BlackMatter ransomware, Emsisoft discovered an error that allowed it to create a decryption tool so that victims could retrieve the files without paying ransom to criminals.
Emsisoft immediately notified law enforcement, ransomware trading companies, antitrust companies, CERTs and other trusted partners and informed them of the BlackMatter ransomware decryption tool.
Thanks to this notice, partners were able to refer BlackMatter victims to Emsisoft to retrieve their files without ransom.
"Since then, we have been busy helping BlackMatter ransomware victims recover their data. With the help of law enforcement, CERT and private sector partners in many countries, we have been able to reach many victims, helping them to avoid paying tens of millions of dollars," explains Wosar.
In addition, Emsisoft contacted victims who had uploaded ransomware samples to various sites. In this way it managed to help a large number of victims.
"We have been fighting ransomware for more than ten years, so we understand the frustration the infosec community feels with ransomware threats," shared Wosar.
However, investigators were initially able to disrupt the negotiations between hackers and victims through the samples and ransom notes that were published, and so they could contact victims to tell them not to pay the ransom.
As victims began to refuse to pay, BlackMatter became increasingly suspicious and locked down its platform so that only the victim could access the negotiation site.
In addition, the criminals began to put more pressure on victims and negotiators. A trader told BleepingComputer that they began receiving death threats from the BlackMatter gang, as none of the victims of an attack paid a ransom.
Unfortunately, the BlackMatter ransomware gang learned about the decryption tool in late September and managed to fix the bugs that allowed Emsisoft to retrieve the victims' files.
Victims affected by ransomware attacks before the end of September can still use the decryption tool to avoid paying the ransom.
Those affected by BlackMatter ransomware after the bug was fixed can no longer be helped with this tool, but Emsisoft suggests contacting it to see if it can help in any way.
Emsisoft has found vulnerabilities in about a dozen active ransomware operations, which can be used to retrieve victims' encrypted data without a ransom payment.
The security company advises victims to contact law enforcement to report attacks so that Emsisoft can be notified and check if a decryption tool is available.
Source: Bleeping Computer