Decryption Tool Released for WannaRen Ransomware

6 years ago David Bisson

Security researchers released a decryption tool that enables victims of WannaRen ransomware to recover their files for free.

On August 19, Bitdefender announced that it had made a WannaRen decryption utility publicly available for download.

The security firm urged victims of this ransomware to save the decryptor somewhere on their computer after completing the download process.

Once they click on the saved “BDWannaRenDecryptor.exe” file, they should click “Yes” and give the decryptor the permissions it needs to modify files on the infected device. They should then agree to the end user license agreement.

With a “test folder” containing pairs of encrypted/not-encrypted files, victims can instruct the tool to scan their entire machine for encrypted files as part of the recovery process.

Bitdefender also recommended that users select the “Backup files” option.

A screenshot of the WannaRen decryptor’s dialog box. (Source: Bitdefender)

News of this decryption utility arrived several months after WannaRen first attracted the attention of the security community.

In April 2020, 360 Security Center was among the first to witness the ransomware circulating in the wild and demanding ransoms of 0.05 BTC (worth approximately $600 at the time of writing).

A close look by 360 Security Center at WannaRen revealed that the ransomware had originated from Hidden Shadow, a digital crime organization which has a history of exploiting EternalBlue for the purpose of moving laterally on infected networks and distributing banking trojans.

The security firm found that WannaRen arrived with a PowerShell downloader containing this same propagation method.

It’s not always possible for security researchers to develop a decryption tool for a ransomware family. Sometimes, the code reveals no apparent weaknesses that allow for the creation of such a utility.

Acknowledging that reality, organizations and users alike should take steps to prevent a ransomware infection from occurring in the first place. This resource serves as an excellent starting point.

The post “Decryption Tool Released for WannaRen Ransomware” appeared first on TripWire.

Source: TripWire – David Bisson

Tags: Encryption, Malware, Ransomware, TripWire
