Fabian Wosar, a malware analyst at Emsisoft, has created a free decrypter that can unlock files encrypted by the recently discovered Stampado ransomware.
The ransomware was first spotted online around ten days ago by security researchers from Heimdal Security. Stampado was never detected in live infections, only as an ad for a Ransomware-as-a-Service (RaaS) offering on Dark Web cyber-crime forums.
Its author was peddling the ransomware for an incredibly low price of only $39, compared to other RaaS services that went into the hundreds and thousands of dollars.
Stampado was more hype than anything else
Security researchers were eventually able to find some samples of this ransomware uploaded on VirusTotal. It did not take long for a ransomware guru like Wosar to find a weakness in how Stampado works.
According to Wosar, the ransomware is coded in the AutoIt scripting language, appends the .locked extension to all locked files, and uses a symmetric AES-256 encryption algorithm.
Stampado is not as professional as its authors claimed it to be. The ransomware still relies on infected victims contacting the crooks via email to negotiate the ransom payment, instead of using an automated website, usually hosted on Tor, as most other ransomware families do.
Read more: Stampado Ransomware Stomped Out Before It Could Do Any Real Damage