  • White Phoenix: A powerful decryptor that recovers data from ransomware attacks

    The new "White Phoenix" decryptor allows victims of ransomware attacks to partially recover their files. The tool is aimed primarily at data to which so-called "discontinuous encryption" (more commonly called intermittent encryption) has been applied.

    With discontinuous encryption, the source data is divided into blocks and only some of them are encrypted, one by one at a set interval, while the blocks in between are skipped. Unlike other encryption methods, it does not require the creation of additional data blocks or the use of placeholders. Discontinuous encryption allows victims' data to be processed extremely quickly, while still making it completely unusable.

    In September 2022, Sentinel Labs reported that discontinuous encryption is gaining traction in the ransomware space: all major gangs offer it to their customers as at least an option, and the notorious ALPHV/BlackCat group appears to have the most sophisticated implementation of this type of encryption.

    According to CyberArk, the company that developed and published the White Phoenix decryptor, this speed-oriented encryption tactic has a flaw built into the process itself: it leaves many blocks of the source files unencrypted, which creates the potential for free recovery.

    Ransomware operations using discontinuous encryption that White Phoenix can be used against include:

    • ALPHV/BlackCat;
    • Play;
    • ESXiArgs;
    • Qilin / Agenda;
    • BianLian;
    • DarkBit.

    CyberArk arrived at the White Phoenix algorithm after experimenting with partially encrypted PDF files. The researchers found that in certain encryption modes of the BlackCat ransomware, many objects in PDF files remained unaffected, which made it possible to extract data from them.

    After successfully recovering PDF files, CyberArk experts discovered similar recovery options for other data formats, including files that are structured as ZIP archives. These include Word (docx, docm, dotx, dotm, odt), Excel (xlsx, xlsm, xltx, xltm, xlsb, xlam, ods) and PowerPoint (pptx, pptm, potx, potm, ppsx, ppsm, odp) documents.

    Recovery of these file types is achieved using 7zip and a hex editor to extract unencrypted XML files of corrupted documents and then replace the data. White Phoenix automates all of the above steps for supported file types, although manual intervention may be required in some cases.
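
    The manual 7zip-and-hex-editor step described above can be pictured with the following added example, which is not White Phoenix's code or CyberArk's implementation: it ignores the destroyed central directory, scans for surviving ZIP local file headers, and keeps only the parts whose deflate stream still inflates cleanly and matches its CRC. The function names are hypothetical, and the sample archive is constructed in memory, with 0xFF bytes standing in for encrypted blocks.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature

def carve_entry(data, pos):
    """Return (name, content) for the local header at pos, or None if it is damaged."""
    (_sig, _ver, flags, method, _time, _date, crc, _csize, _usize,
     nlen, xlen) = struct.unpack("<4sHHHHHIIIHH", data[pos:pos + 30])
    start = pos + 30 + nlen + xlen
    if method != 8 or not 0 < nlen <= 1024 or start > len(data):
        return None  # only deflated parts (the usual case for document XML) are handled
    inflater = zlib.decompressobj(-15)  # raw deflate, as stored inside a ZIP
    try:
        content = inflater.decompress(data[start:])
    except zlib.error:
        return None  # the stream runs into an overwritten block
    if not inflater.eof or (not flags & 0x08 and zlib.crc32(content) != crc):
        return None  # header CRC is only meaningful when flag bit 3 is clear
    return data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace"), content

def carve_zip_entries(data):
    """Scan for surviving local headers; the central directory is never consulted."""
    recovered, pos = {}, data.find(LOCAL_SIG)
    while pos != -1 and pos + 30 <= len(data):
        entry = carve_entry(data, pos)
        if entry:
            recovered[entry[0]] = entry[1]
        pos = data.find(LOCAL_SIG, pos + 4)
    return recovered

def build_damaged_sample():
    """Constructed input: docx-like ZIP, one part and the central directory set to 0xFF."""
    parts = (("[Content_Types].xml", "<Types/>"), ("word/styles.xml", "<w:style/>"),
             ("word/document.xml", "<w:p>quarterly report</w:p>"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, tag in parts:
            z.writestr(name, tag * 40)
        infos = z.infolist()
    raw = bytearray(buf.getvalue())
    body = lambda i: i.header_offset + 30 + len(i.filename) + len(i.extra)
    lost = infos[1]
    raw[body(lost):body(lost) + lost.compress_size] = b"\xff" * lost.compress_size
    tail = body(infos[-1]) + infos[-1].compress_size  # first byte of the central directory
    raw[tail:] = b"\xff" * (len(raw) - tail)
    return bytes(raw)
```

    On the constructed sample, a normal ZIP reader rejects the file outright, while the header scan still returns `[Content_Types].xml` and `word/document.xml`; the overwritten `word/styles.xml` is dropped because its stream no longer inflates.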

    It's important to note that White Phoenix doesn't always produce good results, even if it can theoretically decrypt the file. For example, if most of the file was encrypted, including critical components, the recovered data may be incomplete or useless. Therefore, the effectiveness of the tool is directly related to the degree of damage to the file.

    White Phoenix is already available for free download from the CyberArk public repository on GitHub.

    Author DeepWeb