A research group has released a free decryption tool to help organisations that have fallen victim to Key Group ransomware campaigns. According to reports, victims can obtain the free decryptor and recover their data without paying the actors' ransom demands.
The ransomware group is a Russian-speaking cybercriminal organisation notorious for selling stolen PII and access to compromised devices. Moreover, the group commonly extorts its victims for money during successful attacks.
Key Group ransomware utilises Telegram to communicate with its members.
According to researchers, the Key Group ransomware uses private Telegram channels to communicate with its members and disseminate details about its malicious tools. Researchers intercepted some communications and claimed that the group uses NjRAT to access targeted devices remotely.
The group built its own ransomware family earlier this year and has used it in every campaign since.
Investigations showed that the Key Group ransomware deletes volume shadow copies and backups made with the Windows Server Backup tool on the victim's device. Next, the attackers attempt to disable recovery features such as the Windows Error Recovery screen and the Windows Recovery Environment.
The ransomware can also disable the update mechanisms of anti-malware solutions from various providers, including well-known vendors. After analysing the threat, the researchers also noticed multiple cryptographic implementation errors that allowed them to build a decryptor.
The researchers claimed that the ransomware encrypts victims' files with AES using a single static key, stored base64-encoded, and without applying adequate salt to the encrypted data.
However, the ransomware operators claimed that the files were encrypted with a military-grade encryption algorithm and that the data was only recoverable if the victims paid the ransom.
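The following Go example, written for this article rather than taken from the researchers' decryptor or the ransomware itself, shows why a static, unsalted AES key defeats the "military-grade" claim: once the key is extracted from one sample, the same call decrypts every victim's file, and identical plaintexts even produce identical ciphertexts. The key value and the sample document are constructed placeholders, not the real Key Group key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
)

const StaticKeyB64 = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=" // constructed placeholder, not the real key

var fixedIV = make([]byte, aes.BlockSize) // no per-file salt or nonce, so every file also shares one IV

func newCipher(keyB64 string) (cipher.Block, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return nil, err
	}
	return aes.NewCipher(key) // a 32-byte key selects AES-256
}

// EncryptStatic models the flawed scheme: one key and one IV for every victim.
func EncryptStatic(keyB64 string, plaintext []byte) ([]byte, error) {
	block, err := newCipher(keyB64)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7 padding
	in := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(in))
	cipher.NewCBCEncrypter(block, fixedIV).CryptBlocks(out, in)
	return out, nil
}

// DecryptStatic is what a free decryptor does once the key is known: no per-victim secret exists.
func DecryptStatic(keyB64 string, ciphertext []byte) ([]byte, error) {
	block, err := newCipher(keyB64)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, fixedIV).CryptBlocks(out, ciphertext)
	if n := int(out[len(out)-1]); n == 0 || n > aes.BlockSize {
		return nil, errors.New("invalid padding: wrong key or corrupt file")
	}
	return out[:len(out)-int(out[len(out)-1])], nil
}
```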
On the other hand, the researchers who released the free decryption tool said that victims could use it to decrypt files carrying the [.]keygroup777tg extension. They advised victims that the tool was still under development and would not work on all Key Group ransomware samples.
Victims should not become complacent about their security: the threat actors could still re-infect their devices, free decryptor or not.