Malware News Free Decrypter Available for Unlock92 Ransomware

Exterminator

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Security researcher Michael Gillespie has created a decrypter that can help victims of the Unlock92 ransomware recover their files for free.

Unlock92 is a new ransomware variant first spotted by Malwarebytes security researcher S!Ri yesterday. The ransomware is actually from the same author of the Kozy.Jozy ransomware that appeared over a week ago.

Unlock92 ransomware is related to Kozy.Jozy ransomware
While Kozy.Jozy used a strong RSA-2048 algorithm system that prevented researchers from cracking its encryption routine, it appears that its author decided to make some modifications to Unlock92's codebase that eventually weakened its defenses.

Users can visit the ID Ransomware service to detect with what type of ransomware they are infected, but they can easily spot a Unlock92 infection based on the CRRRT extension it adds to each encrypted file.

Additionally, the ransomware also changes your wallpaper with a message that tells you to send an email to unlock92@india.com.

Unlock92 uses a 64-character hexadecimal password to lock files
When locking files, Unlock92 generates a random 64-character hexadecimal password for each infected user. Files are encrypted with a symmetric AES encryption, and the above password is encrypted with RSA and sent to the criminal's server. The ransomware targets the following file extensions:

Code: 
.cd, .ldf, .mdf, .max, .dbf, .epf, .1cd, .md, .db, .pdf, .ppt, .xls, .doc, .arj, .tar, .7z, .rar, .zip, .tif, .jpg, .ai, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt, .ods, .odb, .odg

Michael Gillespie's Unlock92 decrypter is available for download from here. Here are his instructions for using it:

To generate the key and IV, you will need an encrypted PNG file (*.png.CRRRT); the smaller the file, the better. This may take some time, but shouldn't be more than an hour for a small file on most machines - my i7 can tear through a 1KB file and find the key in a few minutes. Simply load it into the brute-forcer, and let it go. Once it finds a key, click 'Confirm Password,' then select a folder to decrypt.

Just to be safe, the best option is to make a backup of your encrypted files first, just in case something horrible happens during the decryption process and messes up your files.

Even if Unlock92 is from the same author, victims infected with Kozy.Jozy can't recover their files with this decrypter.
Click to expand...
 
  • Like
Reactions: Andytay70, Jrs30, silversurfer and 4 others
DJ Panda

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
If someone works as a computer repairman. Would lot benifical to have a bunch of different ranspmeware decryption tools on their USB.
 
  • Like
Reactions: Andytay70
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Applause
    • Like
Malware News New ShrinkLocker ransomware decryptor recovers BitLocker password
Replies
0
Views
269
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
    • Like
Malware News Surge in Magniber ransomware attacks impact home users worldwide
Replies
2
Views
2,498
Security News
Jonny Quest
Jonny Quest
Gandalf_The_Grey
    • Like
    • Applause
Malware News Dutch police crack DoNex ransomware, develop decryption tool
Replies
1
Views
2,900
Security News
Studynxx
S

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top