Advice Request How ransomware decryption key is made?


skiddow

New Member
Thread author
Apr 19, 2020
2
Hello! I have seen that some companies/websites have provided decryption keys for some ransomware. To my knowledge, it is not possible to decrypt AES256 without a key. To generate these keys, are they using some compute engine or something...? I'm nervous and a newbie. 😦 Does anyone know how they do it?
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Ransomware is only undecryptable by third parties if the malware developer implemented encryption correctly.
A lot of them make mistakes, however, which enable us to retrieve keys or guess the keys in a reasonable time.

E.g., the simplest mistake is using only symmetric encryption like AES256 and nothing else. In that case the ransomware binary has to carry the AES256 key to use it for encryption. Symmetric encryption means the key that is used for encryption is also used for decryption. So we can just obtain a ransomware binary, extract the key that it used for encrypting and use it for decrypting the files.

With ransomware that uses asymmetric cryptography (see picture below), on the other hand, we cannot use the encryption key for decryption because those are different ones.

[Image: public key encryption diagram]

There are also some companies that take your money to deal with ransomware cases, and use that money to pay the criminals to obtain the key from them. They act as middlemen. In some cases they will not tell you that they pay the criminals, which is highly unethical. An article about such an instance is here:

Trusted websites who identify ransomware and link to free decrypters are:
The most free decrypters were made by Emsisoft. Their website has an overview of them.
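
The symmetric-only case described in the reply above, as an added example that is not part of the original post: a recovery helper slides a 32-byte window over a sample binary and accepts the window that decrypts an encrypted file's first bytes to a known file signature. Assumptions: a SHA-256 counter keystream stands in for AES-256 so the code runs on the standard library alone, and the function names, sample binary, key and file are all constructed for illustration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (NOT AES): XOR with a SHA-256 counter keystream.
    As with AES, the same key both encrypts and decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

# File signatures used as known plaintext to recognise a correct key.
KNOWN_MAGICS = (b"%PDF-", b"PK\x03\x04", b"\x89PNG\r\n\x1a\n")

def find_embedded_key(binary: bytes, encrypted: bytes, key_len: int = 32):
    """Return (offset, key) for the first key_len window of `binary` that
    decrypts the start of `encrypted` to a known signature, else None."""
    head = encrypted[:32]
    for off in range(len(binary) - key_len + 1):
        cand = binary[off:off + key_len]
        # Key material looks random; skip padding and text-like windows.
        if len(set(cand)) < key_len // 2:
            continue
        if keystream_xor(cand, head).startswith(KNOWN_MAGICS):
            return off, cand
    return None

# Constructed sample data: a fake binary with a key embedded at offset 256,
# and a small "PDF" encrypted with that same key.
SAMPLE_KEY = hashlib.sha256(b"constructed demo key").digest()
SAMPLE_BINARY = b"MZ" + bytes(254) + SAMPLE_KEY + bytes(64)
SAMPLE_PLAIN = b"%PDF-1.7\nconstructed victim document\n"
SAMPLE_ENCRYPTED = keystream_xor(SAMPLE_KEY, SAMPLE_PLAIN)

if __name__ == "__main__":
    hit = find_embedded_key(SAMPLE_BINARY, SAMPLE_ENCRYPTED)
    if hit:
        offset, key = hit
        print(f"key found at offset {offset}")
        print(keystream_xor(key, SAMPLE_ENCRYPTED).decode())
```

With asymmetric or hybrid schemes this search finds nothing useful, because the binary only carries the public key.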
 
