Don't pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

Oracle DBs particularly vulnerable to fake decryptions, say researchers


If you're an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity's sake, don't. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious software.


This is according to infosec biz Emsisoft, which warned the latest evolution of Ryuk's decryptor truncates a file footer used by the ransomware to check whether or not a particular file has been fully or partially encrypted.


"In one of the latest versions of Ryuk," said Emsisoft in a recent blog post, "changes were made to the way the length of the footer is calculated. As a result, the decryptor provided by the Ryuk authors will truncate files, cutting off one too many bytes in the process ..
