Emsisoft Decrypter for HydraCrypt and UmbreCrypt Ransomware
<blockquote data-quote="Av Gurus" data-source="post: 481126" data-attributes="member: 28210"><p><a href="https://twitter.com/fwosar?lang=en" target="_blank">Fabian Wosar</a> of <a href="http://www.emsisoft.com/" target="_blank">Emsisoft</a> has done it again with his <a href="http://blog.emsisoft.com/2016/02/12/decrypter-for-hydracrypt-and-umbrecrypt-available/" target="_blank">release of a decrypter</a> for the <a href="http://www.malware-traffic-analysis.net/2016/02/03/index2.html" target="_blank">HydraCrypt</a> and <a href="http://www.bleepingcomputer.com/news/security/umbrecrypt-ransomware-manually-installed-via-terminal-services/" target="_blank">UmbreCrypt</a> ransomware infections. Both of these infections are part of the CrypBoss Ransomware family, whose source code was leaked on pastebin last year. When analyzing this source code, Fabian had found a flaw that allowed him to release a decrypter last year for this family of infections. Though HydraCrypt and UmbreCrypt have since modified the encryption scheme, Fabian was still able to utilize the original flaw to crack these variants as well.</p><p></p><p><span style="font-size: 18px"><strong>Decrypting UmbreCrypt and HydraCrypt</strong></span></p><p>If you are infected with this malware, simply download decrypt_hydracrypt.exe from the following link and save it on your desktop:</p><p></p><p><img src="http://www.bleepstatic.com/swr-guides/c/cryptinfinite/decryptinfinite-icon.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong>DECRYPTHYDRACRYPT DOWNLOAD</strong></p><p> </p><p><a href="http://emsi.at/DecryptHydraCrypt" target="_blank">DOWNLOAD NOW</a></p><p>In order to find your decryption key, you need to drag an encrypted file and unencrypted version of the same file onto the decrypt_hydracrypt.exe icon at the same time. So you would select both the encrypted and unencrypted version of a file and drag them both onto the executable. 
If you do not have an original version of one of your encrypted files, in our tests you can use an encrypted PNG file and any other unencrypted PNG file that you get off of the Internet and drag them together onto the decrypt_hydracrypt.exe icon. Once you determine the key used to encrypt one of your files, you can then use that key to decrypt <strong>ALL</strong> other files on your computer.</p><p></p><p>To show what I mean about dragging both files at the same time, see the example below. To create the key, I created a folder that contains an encrypted PNG file, a totally different valid PNG file, and the decrypt_hydracrypt.exe program. I then dragged both the regular PNG file and the encrypted one onto the executable at the same time.</p><p></p><p><img src="http://www.bleepstatic.com/images/news/ransomware/umbrecrypt/decrypt/decrypter_howto_dragdrop[1].gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong>How to drag the files onto the Decrypter</strong></p><p></p><p>When the program starts, you will be presented with a UAC prompt as shown below. Please click on the <strong>Yes</strong> button to proceed. </p><p> </p><p></p><p><img src="http://www.bleepstatic.com/images/news/ransomware/cryptinfinite/uac-prompt.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong>UAC Prompt</strong></p><p>When a key was able to be brute forced, it will display it in a new window like the one below. Please write down this key in the event you need it again in the future.</p><p> </p><p></p><p><img src="http://www.bleepstatic.com/images/news/ransomware/umbrecrypt/decrypt/decryption-key-found.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong>Decryption Key Found</strong></p><p></p><p>To start decrypting your files with this key, please click on the <strong>OK</strong> button. You will then be presented with a license agreement that you must click on <strong>Yes</strong> to continue. 
You will now see the main DecryptInfinite screen that displays all the encrypted files that were listed in the Registry.</p><p></p><p></p><p>Look through the list of encrypted files and if it appears that they are all there, then click on the <strong>Decrypt</strong> button. If there are files missing, you can click on the <strong>Add Folder</strong> button to add other folders that contain encrypted files. Once you have added all the folders you wish to decrypt, click on the <strong>Decrypt</strong> button to begin the decryption process. Once you click Decrypt, DecryptInfinite will decrypt all the encrypted files and display the decryption status in a results screen like the one below.</p><p></p><p><img src="http://www.bleepstatic.com/images/news/ransomware/umbrecrypt/decrypt/decrypted.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p><strong>Decryption Results</strong></p><p>All of your files should now be decrypted.</p><p></p><p>For those who wish to know more technical information about this ransomware, you can read <a href="http://www.bleepingcomputer.com/news/security/umbrecrypt-ransomware-manually-installed-via-terminal-services/" target="_blank">our analysis of UmbreCrypt</a> here. If you need help getting this decrypter to work, please ask in our <a href="http://www.bleepingcomputer.com/forums/t/604391/umbrecrypt-ransomware-support-topic/?p=3926545" target="_blank">UmbreCrypt Ransomware Support Topic</a>.</p><p></p><p>SOURCE: <a href="http://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decrypter-for-hydracrypt-and-umbrecrypt-ransomware/" target="_blank">Emsisoft Releases a Decrypter for HydraCrypt and UmbreCrypt Ransomware</a></p></blockquote><p></p>