The team at Malwarebytes has identified a weakness in the encryption scheme utilized by the LockCrypt ransomware that they can exploit to recover a victim's data.
The flaw, explained in a Malwarebytes report, stems from the LockCrypt crew's decision to roll out a custom encryption scheme instead of using proven systems.
Researchers' efforts were also aided by the discovery of a LockCrypt sample that was not obfuscated or crypted, which gave investigators detailed access to the ransomware's internal structure.
With the new information they gathered, researchers are now able to help victims who were infected by this threat.
LockCrypt ransomware installed after RDP attacks
The LockCrypt ransomware was first spotted last June. Researchers believe the LockCrypt gang had previously distributed versions of the Satan ransomware. The most high-profile case of a LockCrypt infection happened in December last year, when crooks managed to infect the network of Mecklenburg County in North Carolina.
There was little activity from this ransomware variant because the LockCrypt group didn't mass-distribute their malware via email spam or exploit kits. Instead, they broke into organizations' networks via RDP and manually installed the ransomware on compromised computers.
.....
.....