The Cryptonite ransomware showed data-wiping capabilities

December 15, 2022

The weak architecture and programming of an open-source ransomware toolkit called ‘Cryptonite’ led to it becoming a wiper malware propagating in the cybercriminal landscape. The Python-based ransomware toolkit employs the ‘Fernet module’ of the cryptography package to encrypt files, which are then given the [.]cryptn8 file extension.

According to reports, the Cryptonite ransomware is a strain that is not commonly found and sold on dark web marketplaces. Instead, its malicious operator, CYBERDEVILZ, offered it for free until recently via a publicly exposed GitHub repository.

 

The Cryptonite ransomware encrypts files with no way to decrypt them.

 

While the ransomware's source code has already been taken down from the GitHub repository, researchers found another sample capable of locking the victims’ files. Furthermore, this sample offers no option to decrypt the locked files, which means it behaves as a wiper.

Additionally, the researchers note that the ransomware’s data-wiping capabilities are not its intended use but rather the result of its developers’ lack of quality assurance. When Cryptonite attempts to display the ransom note after the encryption process, it crashes, leaving all the files permanently locked.

Thus, the researchers conclude that Cryptonite’s data-wiping capabilities are accidental and not its intended architecture as a ransomware strain.

In a report, a security analyst shared that the flaw in Cryptonite ransomware causes it to crash, leading to a disaster for the victims, whose files can never be recovered. Furthermore, during the intrusion the ransomware uses a ‘key’ to encrypt files, but that key is never transmitted to the malicious operators. Therefore, victims are permanently locked out of their compromised data.
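For responders scoping the damage, the following added example (not code from Cryptonite or from the researchers' report) walks a directory for files with the .cryptn8 extension and checks whether each holds a well-formed Fernet token, reading the plaintext timestamp that the Fernet format embeds to date the encryption. It assumes the file content is the Fernet token as produced by the cryptography package; `parse_fernet_header`, `triage` and the sample token are constructed for illustration.

```python
import base64
import struct
from datetime import datetime, timezone
from pathlib import Path

FERNET_VERSION = 0x80
HEADER = 1 + 8 + 16          # version byte + 64-bit timestamp + 128-bit IV
HMAC_LEN = 32                # HMAC-SHA256 trailer


def parse_fernet_header(data: bytes):
    """Return (encrypted_at_utc, iv_hex) for a well-formed Fernet token, else None."""
    try:
        raw = base64.urlsafe_b64decode(data.strip())
    except ValueError:       # bad padding / not base64
        return None
    body = len(raw) - HEADER - HMAC_LEN
    # AES-CBC ciphertext: at least one block, always whole 16-byte blocks
    if body < 16 or body % 16 or raw[0] != FERNET_VERSION:
        return None
    (ts,) = struct.unpack(">Q", raw[1:9])
    try:
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None
    return when, raw[9:25].hex()


def triage(root, ext=".cryptn8"):
    """List files under root with the extension: (path, is_fernet, encrypted_at)."""
    findings = []
    for path in sorted(Path(root).rglob("*" + ext)):
        parsed = parse_fernet_header(path.read_bytes())
        findings.append((str(path), parsed is not None, parsed[0] if parsed else None))
    return findings


# Constructed sample: structurally valid token with zeroed IV, ciphertext and HMAC.
SAMPLE_TOKEN = base64.urlsafe_b64encode(
    b"\x80" + struct.pack(">Q", 1671062400) + bytes(16) + bytes(32) + bytes(32))

if __name__ == "__main__":
    print(parse_fernet_header(SAMPLE_TOKEN))
```

The check identifies and dates affected files without needing the key; it does not recover their contents.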

Security analysts have shared several reports about data wiper strains disguised as ransomware, where victims are left to believe that their locked data can still be recovered, only to learn that recovery is impossible. This report about Cryptonite ransomware is different, as the ransomware has unintentionally turned into data-wiping malware.

Users are reminded to be vigilant against cyberattack threats and enhance their security defences.
