Security company Emsisoft released its own version of a decryptor after several victims reported having issues with the decryptor they received after paying a ransom. Some users even said they never got a decryptor after paying the ransom, while others said the decryptor malfunctioned. Unfortunately, Emsisoft's decryptor requires users to have already paid the ransom and received the decryption keys from the Deadbolt ransomware operators.

On Monday, Emsisoft CTO Fabian Wosar said QNAP users who got hit by DeadBolt and paid the ransom are struggling to decrypt their data because the forced firmware update issued by QNAP "removed the payload that is required for decryption." Wosar urged victims to use their tools instead.

"This will not get you around paying the ransom. Victims will still need to provide the key. It is merely an alternative decryption tool if you can't use the mechanism provided by the threat actors due to QNAP forcing a firmware update," Wosar said.

Deadbolt's ransom note says victims need to pay 0.03 BTC (equivalent to USD 1,100) to unlock their hacked device and that it "is not a personal attack." They offered to give QNAP a universal decryptor for 50 BTC.

Emsisoft's Brett Callow told ZDNet that the situation was similar to REvil's attack on Kaseya in that, in both cases, the threat actor asked for relatively small payments from individual victims as well as providing the company with an option to settle for a much larger sum on behalf of their affected customers.

"The strategy makes sense as it increases the likelihood of the attack being monetized. Users who paid the demand experienced problems after QNAP's forced update reportedly removed the ransomware executable, making decryption impossible. That's one of the reasons we released the decryptor," Callow said.

Liska said ransomware groups are notorious for providing poor decryption software and noted that it is not uncommon for incident response teams to take the key given by the ransomware group and ignore the decryption code.

"The reason for Emsisoft to release a decryptor is to make sure victims have something they know will work once they get the key," Liska explained.

Liska also slammed the people behind the attack, questioning their insistence that the attack wasn't "personal."

People often have their digital lives stored on these devices. Whether it is photos, work, the book they have been writing, or the program they have been developing, this stuff is important to them.