Search This Blog

Showing posts with label Bitdefender. Show all posts

A New Decryptor by Bitdefender for Victims of LockerGoga Ransomware

 

As part of Bitdefender's official announcement, the company notified that it had released a free decryptor for ransomware called LockerGoga to recover the encrypted files without paying any ransom.
 
The Romania-based cybersecurity firm, Bitdefender released a universal LockGoga decryptor. The company stated in its published announcement, that the new decryptor is a combination of international law agencies, including Bitdefender, Europol, the NoMoreRansom project, the Zurich Public Prosecutor’s office, and the Zurich Cantonal Police. 
  
The new decryptor by Bitdefender is a helping tool for decrypting the files of the victims, free of cost. It uses the path containing pairs of clean-encrypted files and scans the entire system of files or file folders. This decryptor provides a feature called as “backup file”, which comes in handy in case of any problem during the decryption of the files.
 
LockerGoga is a program classified as ransomware, it came into notice in the 2019 cyber-attack against the U.S. and Norway-based companies, where the threat actors targeted high-profile organisations and individuals, including the world's greatest aluminum producer Norsk Hydro, and engineering firm Altran Technologies of France. They used it to encrypt the stored data on computers and blackmailed the users for ransom in exchange for decryption tools.
 
The National Cyber Security Centre (NCSC) reported that this computer infection was used in attacking over 1800 organizations all around the world. Cyberattacks involving various ransomware, one of them being LockerGoga, led to monetary damages of approximately 104 million US Dollars in 71 countries.
 
Around 12 of the attackers involved in the cyber-attack were arrested in October 2021 under an international law enforcement operation for spreading ransomware. In the wake of the arrest of its operator, LockerGoga was dismantled – which also led to the termination of all master private keys used in the encryption. As a result, those victims who did not pay the ransom to the threat actors were left with encrypted files waiting to recover them.
 

Cracked Version of few Software Steal Session Cookies and Monero Cryptocurrency

 

Bitdefender which is a Romania-based cybersecurity organization located in Bucharest has recently cautioned that cracked versions of Microsoft Office and Adobe Photoshop steal the browser session cookies along with Monero cryptocurrency and carry them back from tightwads installing pirated apps. 

While most readers would be familiar, that cracked software is a genuine application that has removed its registration or licensing features. In the days of yore, the cracked software (also known as warez) mainly exchanged through BitTorrent and mostly attracted the freeloaders who enjoyed using a specific suite without paying for the License. 

However, these cracks are priced differently: Bitdefender observed that some versions of both suites have been circulated with malware that captures browser session cookies (or in Firefox, the complete user profile history). It hijacked Monero cryptocurrency deposits and exfiltrated certain information using BitTorrent, after opening the backdoor in the first instance and disabling the machine's firewall. 


"Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a Tor proxy," said Bitdefender's Bogdan Botezatu, director of threat research and reporting, and Eduard Budaca the security researcher. They further added that "The tools work together to create a powerful backdoor that communicates through TOR with its command-and-control center: the ncat binary uses the listening port of the TOR proxy ('--proxy 127.0.0.1:9075') and uses the standard '--exec' parameter, which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket (reverse shell behavior)." 


Reportedly, operators take a while to analyze and determine that whether they should rob what they have compromised or not – depending upon the estimated value they could gain out of it. 

In the days when business models became feasible as a service in the cloud, vendors were fully dependent on physical media for delivering to end-users that included the whole program; Immediate and common targets for crackers were copying protections which resulted in unlawful copies of otherwise fully functioning software being sold at a much lower cost. 

“Pirated software is never the way to go, however tempting it may be, as the risks tend to always outweigh the benefits,” sources further noted.