A free decryptor has been released for a ransomware that uses to encrypt systems. Understand all the techniques used by the attackers and the free decryptor tool released by to help victims recover their data.

Cybersecurity researchers have discovered a new type of ransomware called , along with a subsequent solution to this threat. In a shared report, the researchers noted that this new threat was discovered in , written in , with % of its code hardcoded to "execute only on old systems such as / or / ."

Unlike modern ransomware that relies on complex encryption algorithms, it employs a unique method to manipulate configuration to encrypt the system drive. This is a more direct approach to infiltrating devices. Specifically, it first checks for the presence of a certain component and, if it does not exist, installs it. Then, it re-encrypts the system with a randomly generated password known only to the attacker. This password is then uploaded to a server controlled by the adversary, rendering the victim unable to access the system. Finally, the attacker demands a ransom in exchange for the decryption key.

Researchers analyzed an attack targeting a healthcare company in the Middle East, where attackers gained access to unmanaged systems on a domain controller, created text files, and initiated remote sessions. According to the company's blog post, two scheduled tasks were executed in the context of SYSTEM, ensuring widespread deployment of ransomware. They successfully encrypted systems running various operating systems, including Windows, Linux, macOS, and VMware ESXi.

Particularly concerning is its ability to disrupt entire networks with minimal effort. By leveraging Group Policy Objects () and scheduled tasks, it can encrypt multiple systems across the network in just minutes per device. This simplicity makes it an attractive option for individual threat actors who may not be part of large ransomware-as-a-service () operations.

However, researchers discovered an opportunity to recover complete data immediately after ransomware removed the protection program from encrypted disks. After in-depth analysis, they developed a free decryptor, which is now available to the public. The decryptor provides a lifeline for victims of past attacks, allowing them to regain access to their encrypted data. By offering a practical solution, it has saved approximately $100 million in ransom costs to date.

Bitdefender Labs 已展示出其对抗网络威胁和保护数字资产的承诺。下载链接： http://download.bitdefender.com/am/malware_removal/BDShrinkLockerUnlocker.exe

It is noteworthy that using the feature to encrypt the entire drive, including the system drive. Therefore, actively monitoring the event logs can help organizations identify and respond to attacks, especially in the early stages when attackers are testing their encryption capabilities. Tracking events from the "---/" source can also be beneficial.