Researchers discovered that an open-source ransomware toolkit was accidentally converted into a data wiper due to architecture and programming faults.
Unlike other types of ransomware, which are usually sold via underground channels, the Python-written toolkit, dubbed Cryptonite, was available for free on CYBERDEVILZ’s GitHub repository. Cryptonite used Python’s Fernet symmetric encryption module, appending the “.cryptn8” extension to ciphered documents. GitHub recently took down Cryptonite’s source code and all of its forks.
Fortinet researchers discovered a sample of the ransomware that acted like a wiper malware strain. The sample initially worked as expected, encrypting documents and attaching its specific file extension. However, the malicious executable never displayed the ransom note or the decryption dialog that could’ve allowed victims to recover their files.
Closer analysis revealed that, while the sample does generate an encryption key, it never sends it to the threat actors. Even worse, the program can’t run in a “decryption-only” mode; attempting to execute it repeatedly just re-encrypts documents with a different key.
Last but not least, the program permanently deletes the key when it closes or encounters an exception. Researchers agreed that the ransomware wasn’t deliberately turned into a wiper; poor architecture and a lack of quality assurance apparently triggered the sample’s malfunction.
“Although we often complain about the increasing sophistication of ransomware samples, we can also see that oversimplicity and a lack of quality assurance can also lead to significant problems,” Fortinet writes in a security advisory. “On the positive side, however, this simplicity, combined with a lack of self-protection features, allows every anti-virus program to easily spot this malware.”
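For responders triaging an affected host, the public Fernet token layout stores the creation time in cleartext, so files carrying the “.cryptn8” extension can be checked structurally and placed on a timeline without any key. The following is an added example, not code from Fortinet's advisory or from Cryptonite; it assumes each encrypted file holds a single Fernet token, which the article does not confirm, and the function names are hypothetical.

```python
import base64
import struct
from datetime import datetime, timezone
from pathlib import Path

FERNET_VERSION = 0x80
# Fixed fields: version(1) + timestamp(8) + IV(16) + HMAC-SHA256(32)
FIXED_LEN = 1 + 8 + 16 + 32
MIN_TOKEN_LEN = FIXED_LEN + 16  # plus at least one AES block of ciphertext


def parse_fernet_header(blob: bytes):
    """Return the token creation time (UTC) if blob is Fernet-shaped, else None."""
    try:
        raw = base64.urlsafe_b64decode(blob.strip())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < MIN_TOKEN_LEN or raw[0] != FERNET_VERSION:
        return None
    # Ciphertext is AES-CBC, so it must be a whole number of 16-byte blocks.
    if (len(raw) - FIXED_LEN) % 16 != 0:
        return None
    (ts,) = struct.unpack(">Q", raw[1:9])  # big-endian seconds since epoch
    try:
        return datetime.fromtimestamp(ts, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None


def triage(root, ext=".cryptn8"):
    """Map each file under root with ext to its token time, or None if not Fernet-shaped."""
    return {str(p): parse_fernet_header(p.read_bytes())
            for p in sorted(Path(root).rglob("*" + ext)) if p.is_file()}


def make_sample_token(ts, blocks=2):
    """Constructed sample: correct Fernet layout with dummy IV, ciphertext and HMAC."""
    raw = (bytes([FERNET_VERSION]) + struct.pack(">Q", ts)
           + bytes(16) + bytes(16 * blocks) + bytes(32))
    return base64.urlsafe_b64encode(raw)


if __name__ == "__main__":
    # Constructed token, not taken from a real sample.
    print(parse_fernet_header(make_sample_token(1670000000)))
```

A timestamp only reflects the outermost layer: if the sample ran more than once, as the analysis describes, the inner layers and their keys remain unrecoverable from the file alone.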
Last month, several organizations in Ukraine were hit by Somnia, a new strain of ransomware. Like Cryptonite’s faulty sample, Somnia lacked decryption capabilities. However, Somnia’s operators intentionally disabled the decryption feature, turning it into a wiper to further damage compromised systems.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.