The author of one of the Locker ransomware malware variants apologizes
2015-09-15
The author of one of the Locker ransomware malware variants has publicly apologized, presenting himself anonymously as Poka BrightMinds. We transcribe the original English text:
I am the author of the Locker ransomware and I'm very sorry about what has happened. It was never my intention to release this.
I uploaded the database to mega.co.nz containing "bitcoin address, public key, private key" as CSV.
This is a dump of the complete database and most of the keys weren't even used.
All distribution of new keys has been stopped.
https://mega.co.nz/#!W85whbSb!kAb-5VS1Gf20zYziUOgMOaYWDsI87o4QHJBqJiOW6Z4
Automatic decryption will start on 2nd of June at midnight.
@devs, as you might be aware the private key is used in the RSACryptoServiceProvider class .net and files are encrypted with AES-256 bit using the RijndaelManaged class.
This is the structure of the encrypted files:
- 32 bit integer, header length
- byte array, header (length is previous int)
*decrypt byte array using RSA & private key.
Decrypted byte array contains:
- 32 bit integer, IV length
- byte array, IV (length is in previous int)
- 32 bit integer, key length
- byte array, Key (length is in previous int)
- rest of the data is the actual file which can be decrypted using RijndaelManaged and the IV and Key
Again sorry for all the trouble.
Poka BrightMinds
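The file layout described in the message above, written as a parser with bounds checks on every length field. This is an added example, not code from the original post or from the ransomware's author. It assumes little-endian signed 32-bit length fields, as .NET writes them; `parse_locker_file`, `read_block`, `build_sample` and `rsa_decrypt` are hypothetical names, and the RSA step is supplied by the caller because the post does not state the padding scheme.

```python
import struct

class FormatError(ValueError):
    """Raised when a length field does not fit the data that follows it."""

def read_block(buf, pos, what):
    # One length-prefixed field: 32-bit integer, then that many bytes.
    # Assumption: little-endian signed Int32, as .NET BinaryWriter emits.
    if pos + 4 > len(buf):
        raise FormatError(f"truncated before {what} length")
    (n,) = struct.unpack_from("<i", buf, pos)
    pos += 4
    if n <= 0 or pos + n > len(buf):
        raise FormatError(f"{what} length {n} out of range")
    return buf[pos:pos + n], pos + n

def parse_locker_file(data, rsa_decrypt):
    """Return (iv, key, body) for one encrypted file.

    rsa_decrypt is a caller-supplied function (hypothetical) that decrypts
    the header with the victim's RSA private key from the published CSV.
    body is the AES ciphertext of the original file, still encrypted.
    """
    header, body_start = read_block(data, 0, "header")
    inner = rsa_decrypt(header)
    iv, pos = read_block(inner, 0, "IV")
    key, pos = read_block(inner, pos, "key")
    if len(key) != 32:  # AES-256 means a 32-byte key
        raise FormatError(f"expected 32-byte AES-256 key, got {len(key)}")
    return iv, key, data[body_start:]

def build_sample(iv, key, body, rsa_encrypt):
    # Constructed sample in the described layout, for testing the parser.
    inner = struct.pack("<i", len(iv)) + iv + struct.pack("<i", len(key)) + key
    header = rsa_encrypt(inner)
    return struct.pack("<i", len(header)) + header + body

if __name__ == "__main__":
    stub = lambda b: bytes(x ^ 0x5A for x in b)  # reversible stand-in, NOT RSA
    blob = build_sample(bytes(16), bytes(32), b"<AES ciphertext>", stub)
    iv, key, body = parse_locker_file(blob, stub)
    print(len(iv), len(key), body)
```

The returned `iv` and `key` are what the AES step needs to decrypt `body`; the cipher mode and padding are not stated in the post and have to be confirmed against a known file.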
CoinVault ransomware DECRYPTOR
Kaspersky Lab has meanwhile launched the following site to help victims of the CoinVault ransomware, giving them the opportunity to recover their data without having to pay the cybercriminals: https://noransom.kaspersky.com/