  • Victims of Clop ransomware for Linux have been decrypting their data for free for several months

    A ransomware gang called Clop has been using ransomware of the same name against Linux servers for several months. However, a bug in the encryption scheme has let victims quietly restore their files throughout that time, entirely free of charge.

    This version of Clop for Linux was discovered in December 2022 by Antonis Terefos, a researcher at SentinelLabs. The malware was identified after the group used it along with a similar Windows variant in an attack on a Colombian university.

    Although the Linux and Windows versions are very similar, using the same encryption method and almost identical process logic, there are some differences, mainly due to the different structure of the operating systems.

    The Linux Clop malware is in the early stages of development: it still lacks proper obfuscation and security evasion mechanisms. SentinelLabs experts also found a funny flaw in it, which allows victims to recover all their files without paying any money to the scammers.

    The current Linux version uses a hard-coded RC4 master key to generate file encryption keys. Moreover, the same master key then "encrypts itself" and is stored in a local file on disk.

    This weak scheme does nothing to protect the keys from extraction and the subsequent decryption of files, which is what SentinelLabs did. Representatives of the company posted the decryption script on GitHub.

    In addition to the lack of key protection, SentinelLabs found that when the malware writes the encrypted key to a file, it also writes some additional data, such as the file's size and encryption time. This data should also be hidden, as it can be used by experts to decrypt files.
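
The recovery path described above, as an added example for defenders (it is not SentinelLabs' script and does not reproduce the malware's real file format): because RC4 is symmetric, anyone who reads the hard-coded master key out of the binary can unwrap every per-file key. The master key value, the 16-byte key length and the key-blob layout with a plaintext size field are constructed assumptions.

```python
# Simplified model of the flaw: a hard-coded symmetric master key wraps each
# per-file key. All keys, names and layouts here are constructed.

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed stand-in for a key an analyst would extract from the sample.
MASTER_KEY = b"CONSTRUCTED-HARDCODED-MASTER-KEY"
KEY_LEN = 16  # assumed per-file key length for this model

def build_sample(plaintext: bytes, file_key: bytes) -> tuple[bytes, bytes]:
    """Build constructed test data: (encrypted file, key blob left on disk)."""
    # Wrapped key followed by unencrypted metadata (here: original size).
    blob = rc4(MASTER_KEY, file_key) + len(plaintext).to_bytes(8, "little")
    return rc4(file_key, plaintext), blob

def recover(encrypted: bytes, key_blob: bytes) -> bytes:
    """Unwrap the per-file key with the known master key, then decrypt."""
    file_key = rc4(MASTER_KEY, key_blob[:KEY_LEN])
    size = int.from_bytes(key_blob[KEY_LEN:KEY_LEN + 8], "little")
    if size != len(encrypted):                # a stream cipher preserves length
        raise ValueError("key blob does not match this file")
    return rc4(file_key, encrypted)
```

Wrapping the per-file key with an asymmetric public key, whose private half never reaches the victim machine, is what removes this recovery path; that is the "proper encryption scheme" the article expects later versions to adopt.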

    Clop ransomware for Linux is unlikely to become a widespread threat in its current form. The release of the decryptor is likely to push the authors of Clop to refine the program and release improved versions with the proper encryption scheme.

    SentinelLabs said they have already shared their decryptor with law enforcement so they can help victims of the attack recover their files.

    Author DeepWeb