Security News New Black Basta decryptor exploits ransomware flaw to recover files


Level 26
Thread author
Top Poster
Aug 17, 2017
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.

The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files, however, BleepingComputer has learned that the Black Basta developers fixed the bug in their encryption routine about a week ago, preventing this decryption technique from being used in newer attacks.

The 'Black Basta Buster' decryptor comes from Security Research Labs (SRLabs), which found a weakness in the encryption algorithm used by the ransomware gang's encryptors that allows for the discovery of the ChaCha keystream used to XOR encrypt a file.

"Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," explains the writeup on the method in SRLabs' GitHub repository.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.