27 May 19, 08:15
Quote:
Our malware team just released a decrypter for the GetCrypt ransomware.
GetCrypt is a ransomware spread by the RIG exploit kit that encrypts files using Salsa20 and RSA-4096. It appends to files a random 4-character extension that is unique to the victim, such as four random uppercase letters (e.g. .NHCR) generated from the victim’s CPU’s serial number. A test version used a static “.EZDZ” extension.
According to BleepingComputer’s Lawrence Abrams, GetCrypt will utilize the WNetEnumResourceW function to enumerate a list of available network shares, or if it fails, will try to brute force network account credentials instead.
Malware researcher @nao_sec discovered the ransomware and ethical hacker @VK_Intel shared his analysis of the exploit with BleepingComputer.
If you’re a victim of this ransomware, DO NOT PAY the ransom. Download the decrypter and reach out to us if you have any questions.
* Download the GetCrypt Decrypter Here
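
For responders who want an inventory of affected files before running a decrypter, the extension pattern described in the quote (four uppercase letters, one value per victim) can be used for triage. The following is an added example, not part of the quoted post or of any vendor tool; the function names, the `min_files` threshold and the assumption that the original extension is kept in front of the appended one are all hypothetical, and the file list is constructed sample data.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Pattern taken from the post: a final extension of exactly four uppercase letters.
SUFFIX_RE = re.compile(r"^\.[A-Z]{4}$")


def candidate_suffix(name):
    """Return the appended suffix if name looks like <original>.<ext>.<ABCD>, else None."""
    p = PurePosixPath(name)
    # Assumption: the original extension is kept, so an affected file carries
    # at least two suffixes. This filters ordinary names such as PHOTO.JPEG.
    if len(p.suffixes) >= 2 and SUFFIX_RE.match(p.suffix):
        return p.suffix
    return None


def triage(names, min_files=3):
    """Return (suffix, sorted files) for the dominant candidate suffix, or None.

    The post says the extension is unique to the victim, so one suffix should
    account for nearly all hits; stray matches fall below min_files.
    """
    files = {}
    for name in names:
        suffix = candidate_suffix(name)
        if suffix:
            files.setdefault(suffix, []).append(name)
    if not files:
        return None
    counts = Counter({s: len(f) for s, f in files.items()})
    suffix, count = counts.most_common(1)[0]
    if count < min_files:
        return None
    return suffix, sorted(files[suffix])


# Constructed sample listing (not real incident data).
SAMPLE = [
    "docs/report.docx.NHCR", "docs/budget.xlsx.NHCR", "pics/cat.png.NHCR",
    "pics/PHOTO.JPEG", "src/main.c", "old/notes.v2.TEXT",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
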