
Vinsula releases free tool to brute force ZeroLocker decryption keys


6 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:33 AM

Posted 05 November 2014 - 05:13 PM

Last week Vínsula, Inc., a Seattle-based cybersecurity firm, released a free ZeroLocker decryption tool that brute forces the decryption key for the ZeroLocker file-encrypting ransomware. When we first reported on ZeroLocker, we discovered that the malware was uploading the generated decryption key to a web page that did not exist and thus the key was not saved anywhere for later retrieval. Vinsula's utility now allows those affected by ZeroLocker to brute force the decryption key from an encrypted file in a realistic time frame. Typically, brute forcing a decryption key is not realistic due to the length of time that is required. Vinsula was able to come up with a technique that can brute force this key on the user's computer typically within a day, but sometimes up to 5 weeks.





This is a huge gift for those who were infected with ZeroLocker, as it was previously thought that their files were irretrievably lost. Now an affected user can follow the instructions on Vinsula's site and potentially decrypt their files and regain full access to them again. In order to use the decryption tool, a user will need to have Microsoft .NET Framework v4.0 installed and should run the tool on the fastest computer they own. The more CPUs a computer has, the faster the tool will be able to brute force the decryption key.





If the data is time sensitive, then you can use a service like Amazon Web Services and rent a c3.8xlarge Windows server. This will allow you to throw 32 virtual cores at the brute force task and significantly speed up the process. The only caveat to this is that it costs $1.68/hour to rent these servers.

As always, if you have any questions regarding this process, please feel free to ask us and we will help as much as we can. A big thanks to Vinsula for releasing this free tool and reaching out to us so that we can let our visitors know about it.



#2 where

where

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 05 November 2014 - 09:10 PM

Being new to this site and the forums it provides, I have a question about the ZeroLocker tool. Would it also be effective against CryptoWall 2.0, which I was hit with last week? I ended up rebuilding the machine, but the data is still available to be decoded, without paying the ransom of course. Thanks.



#3 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:33 AM

Posted 05 November 2014 - 09:57 PM

No, unfortunately not. This tool is for the ZeroLocker infection only.

#4 IllusionEclipse

IllusionEclipse

  • Members
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chillin in my Compspace
  • Local time:10:33 PM

Posted 06 November 2014 - 12:45 AM

This is quite impressive and extremely useful despite the wait time for the key, but hey. At least we have an answer to this piece of cryptoware.

 

Hopefully this isn't caught on by the malware developer like last time...
 


An illusion is as real as the person who sees it, but wouldn't that be an illusion in and of itself?


#5 TheForestSpirit

TheForestSpirit

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 07 November 2014 - 12:17 PM

It's about time! Everyone in my department was excited to see this post! Thanks for putting it up here!



#6 GB2064

GB2064

  • Members
  • 947 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, Pennsylvania
  • Local time:07:33 AM

Posted 07 November 2014 - 12:57 PM

Even though this tool will not work on CryptoLocker or CryptoWall, I wonder if it may at least be a template for tools that would be effective against those malware?



#7 dacey14

dacey14

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:33 AM

Posted 10 January 2015 - 04:44 PM

Has this worked for anyone? The program opens then closes straight away? Thanks in advance, guys.


