Researchers have provided a decryption tool to victims of the BlackMatter ransomware

The cybersecurity company Emsisoft has been helping victims of the BlackMatter ransomware by providing them with a decryption tool. This effort began this summer and has prevented the payment of millions of dollars to cybercriminals.

Emsisoft and its CTO, Fabian Wosar, have been helping ransomware victims recover their files since 2012, when ACCDFISA appeared as the first modern ransomware.

BlackMatter ransomware decryption tool

Since then, Wosar and other researchers have been looking for flaws in ransomware encryption algorithms so that they can create decryption tools for victims.

However, Emsisoft works quietly so that ransomware gangs do not learn that their algorithms contain flaws. The security company does not make public announcements; instead, it cooperates discreetly with trusted law enforcement partners and assists victims.

Emsisoft has created a secret decryption tool for BlackMatter ransomware

Shortly after the launch of the BlackMatter ransomware, Emsisoft discovered a flaw that allowed it to create a decryption tool so that victims could recover their files without paying a ransom to the criminals.

Emsisoft immediately notified law enforcement, ransomware trading companies, antitrust companies, CERTs and other trusted partners, informing them of the BlackMatter ransomware decryption tool.

Thanks to this notice, partners were able to refer BlackMatter victims to Emsisoft so that they could recover their files without paying a ransom.

"Since then, we have been busy helping BlackMatter ransomware victims recover their data. With the help of law enforcement, CERT and private sector partners in many countries, we have been able to reach many victims, helping them to avoid paying tens of millions of dollars," explains Wosar.

In addition, Emsisoft contacted victims who had uploaded ransomware samples to various sites. In this way, it managed to help a large number of victims.

"We have been fighting ransomware for more than ten years, so we understand the frustration the infosec community feels with ransomware threats," Wosar shared.

However, investigators were initially able to disrupt the negotiations between the hackers and their victims by using the samples and ransom notes that had been published, and so could contact victims to tell them not to pay the ransom.

As victims began to refuse to pay, BlackMatter became increasingly suspicious and locked down its platform so that only the victim could access the negotiation site.

In addition, the criminals began to put more pressure on victims and negotiators. A trader told BleepingComputer that they began receiving death threats from the BlackMatter gang after none of the victims of an attack paid a ransom.

Emsisoft decryption tool

Unfortunately, the BlackMatter ransomware gang learned about the decryption tool in late September and managed to fix the bugs that had allowed Emsisoft to recover the victims' files.

Victims affected by ransomware attacks before the end of September can still use the decryption tool to avoid paying the ransom.

Victims hit by the BlackMatter ransomware after the bug was fixed can no longer be helped, but Emsisoft suggests that they contact it to see whether it can assist in any way.

Emsisoft has found vulnerabilities in about a dozen active ransomware companies, which can be used to recover victims' encrypted data without paying a ransom.

The security company advises victims to contact law enforcement to report attacks so that Emsisoft can be notified and check if a decryption tool is available.

Source: Bleeping Computer
