What now? Ransomware victim pays hacker, but decryption key fails
September 12, 2024 – Published on TechSpot
GuidePoint Security recently acted as a “negotiator” between an unnamed company and the group behind the Hazard ransomware. The malware infected the victim’s systems, encrypting “important” files and demanding payment to unlock them. The company reportedly felt compelled to pay, but the “decryptor” provided by the Hazard creators didn’t work as expected.
Unreliable decryptors aren’t common, GuidePoint explained, but malware can sometimes behave unpredictably. After negotiating with the cybercriminals, the researchers were tasked with investigating why the newly acquired decryption tool was unable to restore the encrypted files.
The root cause was a bug in the encryption payload used by the Hazard ransomware. “A race-condition occurred when the threat actor executed multiple encryptors on the same system,” GuidePoint determined. Each file was encrypted a second time before being renamed with a new extension, resulting in missing bytes within a chunk of data appended to the original file.