Wednesday, 12 Jun 2024
Technology

Kaspersky Releases Tool for Decrypting Conti-based Ransomware

kaspersky key free

Woburn, MA – March 16, 2023 – Kaspersky, a global cybersecurity and digital privacy company, has recently launched a decryption tool to assist victims of a new ransomware modification based on leaked Conti source code. Conti, a notorious ransomware gang that has been active since 2019, had its data leaked in March 2022 following an internal conflict triggered by a geopolitical crisis in Europe. This leaked data has since been used by various criminal groups to create multiple modifications of the Conti ransomware and execute attacks against companies and state institutions.

In late February 2023, Kaspersky experts discovered another portion of leaked data on online forums. After analyzing this data, which included 258 private keys, source code, and pre-compiled decryptors, Kaspersky released an updated version of their public decryptor. This new tool aims to aid victims affected by this particular modification of the Conti ransomware.

The Impact of Conti Ransomware

Conti first emerged in late 2019 and was exceptionally active throughout 2020, accounting for more than 13 percent of all ransomware attacks during that period. However, since the leak of its source code, multiple modifications of Conti ransomware have been created and used by various criminal groups in their malicious campaigns.

Tham Khảo Thêm:  How to Lock and Hide Your Notes on iPhone

Decrypting the Leaked Data

The version of the Conti ransomware for which the private keys were leaked was discovered by Kaspersky specialists in December 2022. This particular strain was used in numerous attacks against both companies and state institutions. Among the leaked private keys, 257 folders contained the keys, with one folder containing two keys. Some folders included previously generated decryptors, while others contained test files such as documents and photos. It is presumed that these test files were used by victims to verify the attackers’ ability to decrypt their files.

Moreover, out of the 257 folders, 34 of them had explicitly named companies and government agencies. Assuming that one folder corresponds to one victim and that the decryptors were generated only for those who paid the ransom, it can be estimated that 14 victims out of the 257 paid the ransom to the attackers.

After carefully analyzing the leaked data, Kaspersky released an updated version of their public decryptor. The latest release, RakhniDecryptor 1.40.0.00, incorporates the decryption code along with all 258 keys. Additionally, the decryption tool has been made available on Kaspersky’s “No Ransom” site (https://noransom.kaspersky.com), which provides further assistance to victims of ransomware attacks.

Preventing Ransomware Attacks

Fedor Sinitsyn, lead malware analyst at Kaspersky, emphasized the importance of strengthening defenses and stopping attackers at the early stages of their intrusion to prevent ransomware deployment and minimize its consequences. Sinitsyn further stated that while the decryption tool is available, the best strategy against ransomware is to focus on strengthening defenses.

Tham Khảo Thêm:  How to Reset Restrictions Passcode on iPad without Passcode

To protect yourself and your business from ransomware attacks, consider following these rules proposed by Kaspersky:

  • Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary, and always use strong passwords for them.
  • Promptly install available patches for commercial VPN solutions that provide access for remote employees and act as gateways in your network.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic, as it can help identify cybercriminal connections.
  • Regularly back up your data and ensure quick access, should an emergency occur.
  • Utilize solutions like Kaspersky Endpoint Detection and Response Expert and Kaspersky Managed Detection and Response service to identify and stop attacks at early stages.
  • Stay informed about actual Tactics, Techniques, and Procedures (TTPs) used by threat actors by leveraging the Kaspersky Threat Intelligence Portal. This continuously updated source provides cyberattack data and insights gathered by their team over 25 years.

Frequently Asked Questions

Q: What is Conti ransomware?
A: Conti ransomware is a malicious software that encrypts victims’ files and demands a ransom to restore access to the encrypted data. It gained notoriety due to its high activity in 2020 and the subsequent leak of its source code, leading to the creation of multiple Conti-based ransomware variants.

Q: How can I protect myself from ransomware attacks?
A: To protect yourself from ransomware attacks, it is crucial to follow security best practices such as using strong passwords, applying patches promptly, backing up data regularly, and investing in reliable cybersecurity solutions like Kaspersky’s products and services.

Tham Khảo Thêm:  Do you need the Internet for the PS5?

Q: How can I access the new decryption tool released by Kaspersky?
A: The new decryption tool, RakhniDecryptor 1.40.0.00, can be downloaded from Kaspersky’s “No Ransom” site (https://noransom.kaspersky.com). This tool aims to help victims of the Conti-based ransomware modification by providing them with the means to recover their encrypted files.

Conclusion

Ransomware attacks continue to pose a significant threat to individuals and organizations worldwide. With the release of their latest decryption tool, Kaspersky aims to assist victims affected by the Conti-based ransomware modification. However, the best defense against ransomware remains a proactive approach that focuses on preventing attacks before they can cause significant damage. By following the recommended security practices and leveraging reliable cybersecurity solutions, individuals and businesses can enhance their protection against ransomware and other malicious threats.


About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With deep threat intelligence and security expertise, Kaspersky continuously develops innovative security solutions and services to safeguard businesses, critical infrastructure, governments, and consumers worldwide. Their comprehensive security portfolio includes leading endpoint protection and various specialized security solutions and services to combat evolving digital threats. Over 400 million users are protected by Kaspersky technologies, and they assist 240,000 corporate clients in protecting their most valuable assets. Learn more at usa.kaspersky.com.

Media Contact
Sawyer Van Horn
[email protected]
(781) 503-1866