This is the beginning of the end of ransomware…

If you fall victim to ransomware, the consequences can be dire. The good news is that, for many victims, this will all be over soon.

If you are unlucky enough to be hit by ransomware, the consequences can be dire. You may be able to remove the infection, but every important file encrypted by the attack stays locked.

Even so, files can sometimes be recovered in one of the following ways:

  • The ransomware author makes a mistake, or the malware is simply poorly coded. Researchers find a way to recover the decryption key and publish it so that victims can restore their files.
  • The authors themselves release the keys. This can happen for several reasons. Perhaps they have attracted too much attention and want to step quietly out of the spotlight. Or they decide “the party’s over”, release a new version, and hand previous victims a “get out of jail free” card.

Fortunately, there will be fewer and fewer such cases now that someone has posted on the Bleeping Computer forums claiming to be the developer of not only the Maze ransomware but also the Egregor and Sekhmet ransomware families.

The text of the post reads as follows:
“Hello, this is a developer. It was decided to release the keys to the public for the Egregor, Maze and Sekhmet ransomware families.

There is also a little harmless source code for the standard x86 / x64 EPO virus file infector, which is normally detected as Win64 / Expiro, but it’s not really Expiro; AV engines just detect it that way, so there is no connection with the gang. Each key archive contains the corresponding keys in the digit-named folders that match the identifier in the configuration.

The “OLD” Maze leak contains the keys to its old version based on the email. Consider decrypting this version first, as there are too many victims of this version among regular computer users.”

The forum post included a zip file containing the decryption keys for the ransomware, as well as some malware source code used by the Maze gang.

Thanks to the keys released in the forum post, a decryption tool for all three families mentioned is now available for download. The zip file has since been removed from the forum because it contained the malware source code.

The poster insists that the release is not connected to any arrests; nonetheless, it reads as something more significant than a simple announcement that the malware operation has been abandoned to avoid trouble.

Are the attackers gone for good, or will they return with a new ransomware family? Only time will tell…
