Jump to content

Xtbl Ransomware Decrypt Tool


Batu69

Recommended Posts

screen2.png

 

Decryption

We developed a tool that decrypts files encrypted by this malware only. First, the tool will recover the encryption key using one encrypted file.

Please use an encrypted file with the last modification timestamp untouched.

Conclusion

Statistics show that the threat of being infected by a ransomware has only begun. Each month, more and more ransomware variants are detected.

Some of them do not use state of the art cryptography yet, or badly use it to encrypt files, such as in our case. But in most cases, there is no way to decrypt the file without having the secret key of the attacker.

 

Here, the fail comes from the rand function call which is not correctly seeded beforehand, the use of the timestamp which can easily be bruteforced and the number of milliseconds which holds a limited space of possibilities.

 

This post also highlights the good cooperation between the Pentest and the R&D team of Sogeti ESEC. For that, special thanks to lerobert, jbedrine, meik, who also worked on this incident response. Read more article explains...

 

Ransomware-xtbl-decrypt-tool

Link to comment
Share on other sites


  • Views 843
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...