Malware News Two Free Decrypters Available for WildFire Ransomware

Exterminator

Intel McAfee and Kaspersky have published two decrypters that can unlock files encrypted during WildFire ransomware infections.

Both tools are available for download via the NoMoreRansom website, a collaboration between the two companies, the Dutch police, and the Europol European Cybercrime Centre (EC3).

WildFire appeared in the spring and targeted only the Netherlands
WildFire is a ransomware that was first spotted in mid-April, under the name GNL and then Zyklon. The ransomware rebranded at the end of May, taking the current WildFire name, which it still uses.

During June, and later July, WildFire devs started a series of massive spam floods to distribute their ransomware, mostly targeting users living in the Netherlands.

Security researcher MalwareHunterTeam told Softpedia that WildFire ransomware campaigns continued in the month of August, even if security vendors did not report them as they did the initial wave of spam.
Based on data Softpedia received from MalwareHunterTeam, and from a later OpenDNS analysis, we presumed that Russian developers are behind this new ransomware variant.

Dutch police confiscate WildFire C&C servers
At the time it was discovered, security researchers said the ransomware wasn't decryptable because it featured a solid encryption scheme.

Researchers investigating this threat caught a lucky break when the crooks behind WildFire decided to register custom Dutch domains and host servers in the Netherlands.

"By working together with the police on this case, we had something much better in our hands: The botnetpanel code!" said Kaspersky's Jornt van der Wiel.

Leveraging this data, researchers created two free WildFire decrypters. Furthermore, because they had access to the C&C server statistics, security researchers concluded that during the last 31 days, WildFire infected 5,309 computers, with 236 users paying the ransom. WildFire authors made 136 Bitcoin ($79,000).

The decrypter created by Intel McAfee is a command-line utility and might be too advanced for non-technical users.
 
