AtomSilo, Babuk, and LockFile victims get free decryptor key

Victims of AtomSilo, Babuk and LockFile get a free decryptor key. The decryption key for AtomSilo and LockFile presents itself in a single download because of the similarities between the two. The decryptor for Babuk appeared separately.

AtomSilo,Babuk and LockFile decryptor key

Jiří Vinopal, a security researcher at RE-CERT, shared the information on cracking the AtomSilo encryption. He also presented proof of an already created proof-of-concept decrypter. Cyber security specialists used this information to break the ransomware’s encryption scheme.

Concerning the Babuk ransomware specialists used the source code of this ransomware. Hackers leaked the source code on a Russian-speaking cybercrime forum at the beginning of September.

However only those Babuk victims can use their decryptor key if the file extensions read .babuk or .babyk.

What is ransomware?

Ransomware means a type of malicious software that hackers design to encrypt victims’ data. Once they do so, the victim must pay the ransom until the deadline. If the hackers’ demands don’t meet the files will be left unencrypted or the ransom payment will rise in sum. Some fraudsters also steal your sensitive data and ask for a separate ransom for keeping it unpublished. Governments often advise victims not to pay the ransom as it encourages further attacks. Facts show that those who pay will likely get another ransomware attack.

The first ransomware case goes back to 1989 when the “AIDS virus” was used. It extracted funds from victims and payments were subsequently mailed to Panama. Hackers also mailed the decryption key back to the victims. Back in 1996 Moti Yung and Adam Young from Columbia University introduced “cryptoviral extortion”. It worked like today’s ransomware malware. Researchers presented the first malware attack at the 1996 IEEE Security and Privacy conference. The virus encrypted the victim’s files and demanded payment for the decryption.

What gave popularity to the ransomware?

Ransomware rose in popularity together with the rapid development of cryptocurrencies. Such cryptos operate in encryption techniques to control the creation of new units and to verify and secure transactions. No one can attach the cryptocurrency wallet to a certain person until this person uncovers his ownership personally. Apart from Bitcoin, attackers ask to make payments in Ethereum, Ripple and Litecoin.

Nowadays ransomware spreads itself in almost any vertical. Hackers usually attack big enterprises, government agencies, universities, law firms and medical facilities. Such targets often have urgent needs in accessing their files. And more often they have sensitive data that some won`t have the desire to be disclosed. The possibility of attackers receiving the ransomware payment goes to a high percentage.

Recently FinCEN (The financial crimes investigation unit of the US Treasury Department) reported on the most common ransomware variants. The sum went up to $5.2 billion while the initial SAR (Suspicious Activity Reports) reports $1.56 billion in suspicious activity.