Geeks for your information Security Security Vendors EmsiSoft Emsisoft Blog Articles v
Emsisoft releases a free decrypter for the GetCrypt Ransomware
Emsisoft releases a free decrypter for the GetCrypt Ransomware
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,260
Threads: 10,307
Thanks Received: 9,363 in 7,509 posts
Thanks Given: 10,343
Joined: 12 September 18
#1
Exclamation  27 May 19, 08:15
Quote:
[Image: logo.svg]

Our malware team just released a decrypter for the GetCrypt ransomware.

GetCrypt is a ransomware spread by the RIG exploit kit and encrypts files using Salsa20 and RSA-4096. It appends a random 4-character extension to files that is unique to the victim such as four random uppercase letters (e.g. .NHCR) generated from the victim’s CPU’s serial number. A test version used a static “.EZDZ” extension.

According to BleepingComputer‘s Lawrence Abrams, GetCrypt will utilize the WNewEnumResourceW function to enumerate a list of available network shares, or if it fails, will try to brute force network account credentials instead.

Malware researcher @nao_sec discovered the ransomware and ethical hacker @VK_Intel shared his analysis of the exploit to BleepingComputer.

If you’re a victim of this ransomware, DO NOT PAY the ransom. Download the decrypter and reach out to us if you have any questions.

* Download the GetCrypt Decrypter Here
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
WinRAR 7.21 (stable release)
WinRAR 7.21 (stabl...harlan4096 — 08:18
Opera 31.0.5877.5
Dear Opera Users! ...harlan4096 — 08:17
Vivaldi 7.9 Build 3970.60
Vivaldi 7.9 Build ...harlan4096 — 08:16
PowerToys 0.99.1
Release v0.99.1 ...harlan4096 — 08:15
Is your car spying on you?
How law enforcemen...harlan4096 — 08:14

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>