
The cyber security firm Emsisoft has released decryptors for Hakbit and Jigsaw ransomware that unlock your files for free.

by Cyber360 News
November 26, 2019
in Security

One day you turn on your PC, but instead of being greeted with the standard account login window, you are confronted with an unpleasant message stating: “Your files have been encrypted, follow the instructions below to decrypt them.”

Usually, these instructions include the attacker asking for a certain amount of money in exchange for the victim getting their data back. This is in essence where the word “ransomware” originates from – your data is at risk unless you pay a ransom.


Although the affected file types vary from attack to attack, most attacks include common ones such as jpeg, png, and pdf, so most of your data ends up compromised.

Two ransomware families that have recently taken the lead among these attacks are Hakbit and Jigsaw.

Hakbit ransomware

To start with the former, it first tries to hide its presence by renaming itself to one of the following legitimate-looking file names:

  1. lsass.exe,
  2. svchst.exe,
  3. crcss.exe,
  4. chrome32.exe,
  5. firefox.exe,
  6. calc.exe,
  7. mysqld.exe,
  8. dllhst.exe,
  9. opera32.exe,
  10. memop.exe,
  11. spoolcv.exe,
  12. ctfmom.exe,
  13. SkypeApp.exe.

Then it uses AES-256 encryption and adds a “.crypted” file extension to infected files. Furthermore, it presents a couple of innovative features not seen in any ransomware before. The first is that, unlike most ransomware, it does not present the victim with a text file containing instructions but instead changes the desktop wallpaper to the ransom note.

Secondly, attackers normally add their cryptocurrency wallet addresses to a text file along with the instructions, but Hakbit is focused on providing a great victim experience. To achieve this, they actually provide a QR code for their Bitcoin wallet address, leaving no room for mistakes in their quest for a solid $300.

Jigsaw ransomware

Moving on to Jigsaw which was initially known as “BitcoinBlackmailer,” it is more or less interested in playing a good game of time while cashing in money. Once your files are encrypted, a countdown timer starts with a few files being deleted every hour. This is their way of telling you to pay up fast. If you don’t pay on the first day, hundreds of your files will be deleted on the second day.


The third day will see thousands of them vanish – a cruel experience for someone who does not have a backup. However, this is not all. Suppose you try to play smart and either tamper with the ransomware or restart your computer: 1000 of your files will be deleted as punishment.


Luckily, you’re not stuck in this anymore. Emsisoft has released decryptor software for both of these ransomware families. According to them, the decryptor can be run when one is online without any “special requirements”, allowing non-technical users to also make use of it.


Moreover, they have provided a comprehensive guide detailing how to run both of them with the following being the steps required to run the Jigsaw one:

1. Open Task Manager

2. In the Processes tab, select firefox.exe and drpbx.exe and click “End Task”

3. When that’s done, open MSConfig

4. In the Startup tab, deselect the startup item firefox.exe that points to %UserProfile%\AppData\Roaming\Frfx\firefox.exe and click OK

Once you’ve completed these steps, you can proceed to run the decryptor.
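The Hakbit file names and the Jigsaw process names above can be turned into a simple triage check over a list of running process image paths. The following Python is an added example, not code from Emsisoft or from this article; the expected install directories and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Misspelled look-alikes of Windows system binaries from the Hakbit list;
# this example treats them as never legitimate.
LOOKALIKES = {"svchst.exe", "crcss.exe", "dllhst.exe", "spoolcv.exe", "ctfmom.exe"}

# Other names the article lists (Hakbit) or tells you to end (Jigsaw's drpbx.exe)
# for which this example has no install-path baseline: report for manual review.
LISTED = {"chrome32.exe", "mysqld.exe", "opera32.exe", "memop.exe",
          "skypeapp.exe", "drpbx.exe"}

# Assumed default install directories for real program names on the list.
EXPECTED_DIRS = {
    "lsass.exe": [r"c:\windows\system32"],
    "calc.exe": [r"c:\windows\system32", r"c:\windows\syswow64"],
    "firefox.exe": [r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"],
}

def classify(image_path):
    """Return a reason string for a suspicious image path, else None."""
    folder, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name in LOOKALIKES:
        return "lookalike-name"
    if name in EXPECTED_DIRS:
        # Compare with a trailing separator so "system32evil" does not match.
        ok = any((folder + "\\").startswith(d + "\\") for d in EXPECTED_DIRS[name])
        return None if ok else "unexpected-path"
    return "listed-name" if name in LISTED else None

def scan(paths):
    """Return (path, reason) pairs for every flagged process image."""
    return [(p, classify(p)) for p in paths if classify(p) is not None]

# Constructed process image paths, not real telemetry.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Users\alice\AppData\Local\Temp\lsass.exe",
    r"C:\Windows\System32\svchst.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Users\alice\AppData\Roaming\Frfx\firefox.exe",
    r"C:\Users\alice\Downloads\drpbx.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{reason:16} {path}")
```

A flagged path is a lead for investigation, not proof of infection; extend `EXPECTED_DIRS` to match where software is actually installed in your environment.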


Although the aforementioned steps provide a brief overview of how the decrypter will work, the company also provided detailed guides on the download pages of both Hakbit and Jigsaw.

In conclusion, this eases the issue for those who may find themselves stuck with no cash to spare. Other ransomware families also have decryptors available online, so it is recommended to search for one before proceeding with any payment to the attackers.

Nonetheless, our suggestions remain simple and effective to avoid such incidents in the first place. Always download files from authentic sources and, to take security a step further, verify the file by double-checking its hash, which is given by many websites. You can also look up its hash and scan the file on sites like VirusTotal.

On the other hand, for day to day social exchanges via email and social media, avoid opening any files from unknown sources no matter how pressing the issue may look. With such precautions, attacks can be thwarted in the majority of cases keeping you safe.
