Free HermeticRansom Ransomware Decryptor Released

Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.

A free decryptor is now available for the ransomware found piggybacking on HermeticWiper, the data-wiping malware that ESET and Broadcom’s Symantec discovered last week targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia.

The fact that there was ransomware clinging to the data-wiping malware didn’t surprise cybersecurity experts, of course. It was predicted by Katie Nickels, director of intel at Red Canary, for one: She tweeted that there was very likely a “broader intrusion chain.”

As you’re reading this, note this point: adversaries likely had control of the AD server already. They were already in. There’s a broader intrusion chain beyond just the wiper, it just isn’t publicly known yet. I’m watching for any details on what happens BEFORE wiper deployment. https://t.co/59SZTpTlXA

— Katie Nickels (@likethecoins) February 23, 2022

What might have been a bit more surprising was the welcome discovery, made by CrowdStrike’s Intelligence Team earlier this week, that HermeticRansom had a lame encryption process that let the ransomware’s tentacles be untangled.

Avast Threat Labs had spotted

Read More: https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/