[German]Security researchers have released a free decryptor for HermeticRansom ransomware. Thanks to bugs in the cryptography algorithm, it was possible to develop this decryptor. Victims can decrypt files of this ransomware, which is especially widespread in Ukraine.
Advertising
Nicolas Karassas points out the release of the decryptor and this ThreadPost article with a description of the details in the following tweet.
The free decrypter is able to decrypt files encrypted by ransomware found piggybacking with HermeticWiper malware. This was detected by ESET and Symantec days ago on computers belonging to financial, defense, aerospace and IT service providers in Ukraine, Lithuania and Latvia.
CrowdStrike's intelligence team discovered a few days ago that HermeticRansom (PartyTicket) had a crackable encryption process so that the decryptor could be developed. The decryptor can be downloaded here. More details can be found in the linked article.
