
A decryption key is now available for Mira ransomware


The AchieVer

  • Mira ransomware uses the Rijndael algorithm to encrypt files on victims’ systems.
  • After encryption, it appends a ‘header’ structure to the end of the file.

Security researchers have created a decryption key for the ransomware named Mira. Mira, also known as ‘Trojan:W32/Ransomware.AN’, uses the Rijndael algorithm to encrypt files on victims’ systems.

 

The Rijndael algorithm also forms the basis of the Advanced Encryption Standard (AES), which is widely used across the world to secure sensitive information.

 

How does it work - According to Khasaia, a security researcher from F-Secure, the Mira ransomware first ‘initializes a new instance of the Rfc2898DeriveBytes class to generate a key’. The instance is created from a password, a salt and an iteration count.

The password usually includes the following information:

 

  • Machine name
  • OS version
  • Number of processors

 

On the other hand, the salt is generated by a Random Number Generator (RNG).

Once the key is generated, the malware encrypts the victims’ files using the Rijndael algorithm. After encryption, it appends a ‘header’ structure to the end of the file. This header contains the salt and the hashed password.

 

How was the decryption key generated - The researchers managed to create a decryption key by retrieving the password, salt and the iteration count of the ransomware.

 

Explaining why retrieving the decryption key was feasible, Khasaia said, “Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the encrypted file itself.”

 

 

 

Source
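The following is an added example, not code from the article, F-Secure or the malware: it shows why a file that carries its own salt and password hash lets a responder re-derive the key with PBKDF2, the function Rfc2898DeriveBytes implements. The trailer layout, field sizes, SHA-256 password hash, iteration count, key length and host values are all assumptions made for illustration.

```python
import hashlib

# Assumed values, not taken from a Mira sample: field sizes, hash
# function, iteration count and key length are placeholders.
SALT_LEN = 32
HASH_LEN = 32      # SHA-256 digest size
ITERATIONS = 1000
KEY_LEN = 32


def build_password(machine: str, os_version: str, cpus: int) -> bytes:
    """Password assembled from the host attributes the article lists."""
    return f"{machine}{os_version}{cpus}".encode("utf-8")


def derive_key(password: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1, which Rfc2898DeriveBytes uses by default."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, KEY_LEN)


def make_sample(body: bytes, password: bytes, salt: bytes) -> bytes:
    """Constructed stand-in for an affected file: body, then the trailer."""
    return body + salt + hashlib.sha256(password).digest()


def parse_trailer(blob: bytes):
    """Split a file into (body, salt, password_hash); reject short input."""
    size = SALT_LEN + HASH_LEN
    if len(blob) < size:
        raise ValueError("file too short to contain the trailer")
    return blob[:-size], blob[-size:-HASH_LEN], blob[-HASH_LEN:]


def recover_key(blob: bytes, candidates):
    """Key for the first candidate password matching the stored hash."""
    _, salt, stored = parse_trailer(blob)
    for pw in candidates:
        if hashlib.sha256(pw).digest() == stored:
            return derive_key(pw, salt)
    return None  # no candidate matched; the key cannot be rebuilt


if __name__ == "__main__":
    pw = build_password("WS-0042", "6.1.7601", 4)      # constructed host
    blob = make_sample(b"opaque ciphertext", pw, bytes(range(SALT_LEN)))
    guesses = [build_password("WS-0001", "10.0", 8), pw]
    print(recover_key(blob, guesses).hex())
```

Decrypting the body with the recovered key would still require a Rijndael implementation configured the same way as the sample, which this sketch leaves out.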
