How to decrypt data encrypted by the “Chinese hell god” ransomware for free – Information Technology

Thursday, April 21, 2022 10:00 AM (GMT+7)

Victims can recover files affected by ransomware without using the attacker’s key.

Ransomware called Yanluowang targets businesses around the world, encrypting files on computers and blocking access to systems, leaving victims unable to reach their data.

In the past, the victim’s only solution was to pay a ransom to the cybercriminal. However, after analyzing this malicious code, Kaspersky researchers have developed a free tool that allows victims to recover the affected files without using the attacker’s key. This tool is already available on the No Ransom website.

Ransomware is raging around the world. (Illustration)

Yanluowang was first discovered in October 2021. Its name refers to the Chinese deity Yanluo Wang, one of the 10 kings of hell. According to Kaspersky telemetry results, Yanluowang has been attacking large enterprises in the United States, Turkey, Brazil and other countries.

An attack using Yanluowang begins with an operator manually launching encryption. While encrypting the victim’s files, the malware changes their file extension to “.Yanluowang”. After the attack, a file containing a ransom note is left on the computer.

The cybercriminals threaten victims that, if they go to the police, all files on the infected computer will be deleted. The threats do not stop at deleting files: Yanluowang’s authors also threaten to hit the entire company with DDoS attacks and to infect employees’ computers with ransomware.

An example of a ransom note from a Yanluowang attack

Kaspersky experts analyzed this ransomware and found a vulnerability that allows victims to decrypt files on infected computers. The user needs to have one or more original files and to download the specially designed decryption tool. The victim can then decrypt the affected files independently.

Yanis Zinchenko, security researcher at Kaspersky, said: “Although Yanluowang is not a common ransomware threat, it still hurts users, and in the fight against ransomware, every defeated malicious program counts. Ransomware is an international threat and that is why the online community needs to cooperate in the fight against ransomware.”

To protect yourself from ransomware attacks, Kaspersky recommends:

– Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary, and always use strong passwords for them.

– Quickly install available patches for commercial VPN solutions that provide remote access for employees and act as gateways to your network.

– Keep software up to date on all the devices you use to prevent ransomware from exploiting vulnerabilities.

– Focus your defensive strategy on detecting lateral movement and data exfiltration to the Internet. Pay special attention to outbound traffic to detect cybercriminal connections.

– Back up your data regularly and make sure you can access it quickly in case of an emergency.

– Use security solutions that help identify and stop an attack in its early stages before attackers can achieve their ultimate goal.

Source: 24h.com.vn