If you refuse to pay up, the malware vanishes from your PC — but leaves everything fully encrypted.
Kaspersky has released a decryption tool for the Polyglot ransomware to assist victims in recovering their files without giving in and paying a fee. On Monday, the cybersecurity firm launched the free tool (.ZIP), which is suitable for the Polyglot Trojan, also known as MarsJoke, a strain which has been linked to attacks on government targets.
Ransomware is a particularly nasty kind of malware which has hit the headlines over the past year after targeting victims including businesses, hospitals, and universities. What makes the malware strain particularly devastating — for organizations and the general public alike — is its ability to take away access to files and content stored on a compromised machine.
Once ransomware such as MarsJoke, Cerber, or CTB-Locker is downloaded and executed — often finding its way onto a PC through phishing emails or malicious links — the ransomware encrypts files and in some cases, full hard drives.
Once the victim can no longer access their machine, a holding page informs them that they must pay a “fee” in return for a decryption key which will release their content back to them.
Polyglot infects PCs through spam emails which have malicious RAR archives attached. When infecting a machine, this family of ransomware blocks access to files and then replaces the victim’s desktop wallpaper with the ransom demand, which is made in the virtual currency Bitcoin.
Many types of ransomware will simply sit on the machine and wait for the payment to be made. However, Polyglot insists on a payment deadline, and if the blackmail fails and no money is sent to the operators, the malware will delete itself — leaving behind a machine with encrypted files and no way to retrieve them.
Until now, at least. Kaspersky’s tool will decrypt these machines and unlock user data.
According to the security firm, although Polyglot looks similar to the severe CTB-Locker ransomware, the malware uses a weak encryption key generator. On a standard home PC, it takes less than a minute to brute-force the full set of possible Polyglot decryption keys — which gives you an idea of just how weak the malware is.
Source | zdnet