January 2, 2024 at 11:18AM
SRLabs released a decryptor to assist victims of the Black Basta ransomware in recovering their files for free. The ransomware, linked to the Conti group, has been responsible for numerous high-profile attacks. SRLabs identified a flaw in the encryption algorithm, enabling them to create a tool for partial file recovery. Files encrypted before Christmas 2023 are eligible for decryption.
SRLabs, a research collective and consulting think tank, has released a decryptor to assist victims of the Black Basta ransomware in restoring their files for free. The ransomware has been active since at least April 2022 and is believed to be associated with the Conti group, having been responsible for over 300 successful attacks and amassing more than $100 million in ransom payments.
SRLabs identified a weakness in the encryption algorithm used by Black Basta, enabling them to create a decrypting tool that can recover files, with certain limitations. The tool can recover files between 5,000 bytes and 1GB in size fully, except for the first 5,000 bytes, which will be lost. For files larger than 1GB, only the first 5,000 bytes will be lost, and the remainder can be recovered.
The decryption process depends on knowing the plaintext of 64 encrypted bytes of the file. SRLabs has also developed tools to analyze encrypted files and determine if decryption is possible. They note that successful decryption may require a manual review for certain files and that tools like “testdisk” can often recover or re-generate damaged partition tables for virtual machine disk images.
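Why 64 known plaintext bytes can be enough, as an added example (not SRLabs' tool and not code from the original article). It assumes a simplified model in which the flaw amounts to one 64-byte keystream XORed repeatedly across the file, which the page itself does not spell out; all function names and sample data are constructed.

```python
from collections import Counter

BLOCK = 64  # known-plaintext length stated on the page

def xor_repeating(data: bytes, keystream: bytes, start: int = 0) -> bytes:
    """XOR data with a keystream that repeats every BLOCK bytes.
    `start` is the file offset of data[0], so alignment is preserved."""
    return bytes(b ^ keystream[(start + i) % BLOCK] for i, b in enumerate(data))

def recover_keystream(ciphertext: bytes, known_plain: bytes, offset: int) -> bytes:
    """Derive the keystream from 64 known plaintext bytes located at `offset`."""
    if len(known_plain) != BLOCK:
        raise ValueError("need exactly 64 known plaintext bytes")
    chunk = ciphertext[offset:offset + BLOCK]
    if len(chunk) != BLOCK:
        raise ValueError("known plaintext range runs past end of file")
    ks = bytearray(BLOCK)
    for i in range(BLOCK):
        # File position offset+i was XORed with keystream[(offset+i) % 64].
        ks[(offset + i) % BLOCK] = chunk[i] ^ known_plain[i]
    return bytes(ks)

def guess_keystream_from_zero_runs(ciphertext: bytes, min_repeats: int = 3):
    """Zero-filled plaintext XORed with the keystream yields the keystream
    itself, so a 64-byte aligned chunk that repeats often is a candidate.
    Returns that chunk, or None if nothing repeats min_repeats times."""
    chunks = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext) - BLOCK + 1, BLOCK))
    if not chunks:
        return None
    chunk, count = chunks.most_common(1)[0]
    return chunk if count >= min_repeats else None

def demo():
    # Constructed sample: fixed keystream and a plaintext with a zero-filled region.
    keystream = bytes((i * 37 + 11) % 256 for i in range(BLOCK))
    plain = b"HEADER-" + bytes(range(200)) + b"\x00" * 512 + b"tail data" * 20
    cipher = xor_repeating(plain, keystream)
    ks_known = recover_keystream(cipher, plain[100:164], offset=100)
    ks_zero = guess_keystream_from_zero_runs(cipher)
    return plain, keystream, ks_known, ks_zero, xor_repeating(cipher, ks_known)

if __name__ == "__main__":
    plain, keystream, ks_known, ks_zero, restored = demo()
    print("keystream recovered:", ks_known == keystream, "| file restored:", restored == plain)
```

A candidate keystream found this way still needs the manual review the page mentions: a frequently repeated chunk is only a guess until the decrypted output is checked against a known file structure.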
It’s important to note that the free decryptor can only be used for files encrypted before Christmas 2023, as it appears that the Black Basta developers have addressed the vulnerability in their algorithm.
In related news, the US government has disrupted the BlackCat ransomware operation, and the FBI has released a decryption tool for the same. Additionally, free decryptors are available for other ransomware families like ‘Key Group,’ BianLian, and MegaCortex.
This information can be summarized as follows:
– SRLabs has released a decryptor to restore files for free for Black Basta ransomware victims, with certain limitations based on file size.
– The decryption process requires knowledge of the plaintext of 64 encrypted bytes.
– The free decryptor is only applicable to files encrypted before Christmas 2023.
– Related news includes the US government’s disruption of the BlackCat ransomware operation and the release of decryption tools for other ransomware families.