Security Brief: The French Retis Ransomware Appends .Crypted

Discussion in 'Security News' started by Solarquest, Dec 21, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    This is a security brief for the newly discovered ransomware called Retis. This brief will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted or not.

    Retis Summary
    The Retis Ransomware was discovered by security researcher SDK on December 19th 2017. This is a .NET ransomware, so its source code is easily accessible. When started it will first target the victim's Desktop, Documents, and Pictures folder for encryption. After encrypting those folder, it will target the rest of the drives on the computer.
    Is Retis Decryptable?
    Yes, in its current state, the Retis Ransomware can be decrypted because it uses a static key that can be retrieved by the executable. If anyone becomes a victim of this ransomware, please contact us and we will see if we can create a decryptor for you.

    On VT
Similar Threads Forum Date
Brief view of my security setup SCW Archive Mar 30, 2014
Fancy Bear Targets US Senate, Security Researchers Warn Security News Today at 7:20 AM
Update 360 Total Security 360 (Qihoo) Sunday at 3:28 PM