HermeticRansom Ransomware Decryptor available

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers have released a free decryptor for HermeticRansom ransomware. Thanks to bugs in the cryptography algorithm, it was possible to develop this decryptor. Victims can decrypt files of this ransomware, which is especially widespread in Ukraine.


Nicolas Karassas points out the release of the decryptor and this ThreadPost article with a description of the details in the following tweet

HermeticRansom Ransomware Decryptor

The free decrypter is able to decrypt files encrypted by ransomware found piggybacking with HermeticWiper malware. This was detected by ESET and Symantec days ago on computers belonging to financial, defense, aerospace and IT service providers in Ukraine, Lithuania and Latvia.

CrowdStrike's intelligence team discovered a few days ago that HermeticRansom (PartyTicket) had a crackable encryption process so that the decryptor could be developed. The decryptor can be downloaded here. More details can be found in the linked article.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *