AVG has released free decryption for some of the ransomware


6 replies to this topic

#1 chalup

chalup

  • Members
  • 191 posts
  • Local time:02:10 PM

Posted 06 July 2016 - 09:09 AM

I use AVG CloudCare for business purposes and saw this posted on the forums. I have zero experience with ransomware and these all might already be posted, but thought I would still share just in case.

 

http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:03:10 PM

Posted 06 July 2016 - 09:21 AM

They are late to the game... decrypters for some of these (if not the 6 of these) were released soon after the discovery of samples by Malware Researchers (Fabian Wosar, demonslay, BloodDolly, etc).

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 chalup

chalup
  • Topic Starter

  • Members
  • 191 posts
  • Local time:02:10 PM

Posted 06 July 2016 - 09:31 AM

Ah, oh well, I figured as much; didn't think it would hurt to post. Sounds like AVG is just trying to bandwagon off it then.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:03:10 PM

Posted 06 July 2016 - 09:33 AM

It's still a good article to post, don't worry, we appreciate it since it offers more solutions to the victim should one fail :)

It just looks to me like AVG wants to sound like an "important player" in the fight against Ransomware, by releasing decrypters way too late.



#5 cybercynic

cybercynic

  • Members
  • 560 posts
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:03:10 PM

Posted 06 July 2016 - 11:20 AM

From the BC news article:

 

"AVG released decryptors for the Apocalypse, BadBlock, Crypt888 (MirCop), Legion, SZFLocker, and TeslaCrypt ransomware infections.  Though there were already decryptors released for many of these infections, the decryptors for the Legion and SZFLocker infections are new."

 

I noticed that in the last postings in the BC Apocalypse and BadBlock topics, posters reported that the Emsisoft decrypters weren't as effective as before. New variant? Has Fabian Wosar updated his decrypters since? Otherwise, those with these ransomware encryptions could try the AVP decrypters. (Test files only, at first).


Edited by cybercynic, 06 July 2016 - 11:29 AM.

We are drowning in information - and starving for wisdom.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:10 PM

Posted 06 July 2016 - 06:00 PM

The key factor here is how well the AVG Decrypter will work.

Based on my experience with past AVG tools they have released, most are not very effective.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:10 PM

Posted 07 July 2016 - 03:37 PM

> From the BC news article:
>
> "AVG released decryptors for the Apocalypse, BadBlock, Crypt888 (MirCop), Legion, SZFLocker, and TeslaCrypt ransomware infections.  Though there were already decryptors released for many of these infections, the decryptors for the Legion and SZFLocker infections are new."
>
> I noticed that in the last postings in the BC Apocalypse and BadBlock topics, posters reported that the Emsisoft decrypters weren't as effective as before. New variant? Has Fabian Wosar updated his decrypters since? Otherwise, those with these ransomware encryptions could try the AVP decrypters. (Test files only, at first).

The ransomware updated. It's not that the decrypters are less effective; the malware authors just change the algorithm enough so an update is needed.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
