Victims of Clop ransomware for Linux have been decrypting their data for free for several months

    The Clop ransomware gang has for several months been using a ransomware of the same name that targets Linux servers in its attacks. However, a bug in the encryption scheme has allowed victims to quietly restore their files throughout that time, absolutely free of charge.

    This version of Clop for Linux was discovered in December 2022 by Antonis Terefos, a researcher at SentinelLabs. The malware was identified after the group used it along with a similar Windows variant in an attack on a Colombian university.

    The Linux and Windows versions are very similar: both use the same encryption method and almost identical process logic. The differences that remain are mainly due to the different structure of the operating systems.

    The Linux Clop malware is still in the early stages of development, as it lacks proper obfuscation and security evasion mechanisms. SentinelLabs experts also found a funny flaw in it, which allows victims to recover all their files without paying any money to the scammers.

    The point is that the current Linux version uses a hard-coded RC4 master key to generate file encryption keys. Moreover, the same master key then "encrypts itself" and is stored in a local file on disk.

    This weak scheme does nothing to protect the keys from extraction and the subsequent decryption of files, which is exactly what SentinelLabs did. Representatives of the company posted the decrypting script on GitHub.
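
Why a key embedded in the binary protects nothing, as an added example that is not from the original article and is not SentinelLabs' decryptor: the per-file key is unwrapped with the same static RC4 key that wrapped it, then used to decrypt the data. The master key value, the 16-byte per-file key and the key-blob layout are constructed assumptions; the function names are hypothetical.

```python
import os

# Constructed placeholder standing in for a key embedded in a binary.
# It is NOT the key used by the malware described in the article.
HARDCODED_MASTER_KEY = b"EXAMPLE-STATIC-MASTER-KEY"


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def make_sample(plaintext: bytes):
    """Build a constructed ciphertext and key blob (assumed layout: wrapped key only)."""
    file_key = os.urandom(16)                 # assumed per-file key length
    ciphertext = rc4(file_key, plaintext)
    key_blob = rc4(HARDCODED_MASTER_KEY, file_key)  # wrapped with the static key
    return ciphertext, key_blob


def recover(ciphertext: bytes, key_blob: bytes, master_key: bytes) -> bytes:
    """Unwrap the per-file key with the static key, then decrypt the data."""
    file_key = rc4(master_key, key_blob)      # symmetric: same call unwraps
    return rc4(file_key, ciphertext)


if __name__ == "__main__":
    ct, blob = make_sample(b"constructed sample document contents")
    print(recover(ct, blob, HARDCODED_MASTER_KEY))
```

Because RC4 is symmetric and the wrapping key ships with every sample, anyone holding the binary and the on-disk key blob has everything needed for recovery.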

    In addition to the lack of key protection, SentinelLabs found that when writing the encrypted key to a file, the malware also writes some additional data, for example information about the file such as its size and encryption time. This data should also be hidden, as it can be used by experts to decrypt files.

    Clop ransomware for Linux is unlikely to become a widespread threat in its current form. The release of the decryptor is likely to push the authors of Clop to refine the program and release improved versions with a proper encryption scheme.

    SentinelLabs said they have already shared their decryptor with law enforcement so they can help victims of the attack recover their files.

    Author DeepWeb