    White Phoenix: A powerful decryptor that recovers data from ransomware attacks

    The new "White Phoenix" decryptor allows victims of ransomware attacks to partially recover their files. The tool is aimed primarily at recovering data to which so-called "discontinuous encryption" (usually called intermittent encryption in English-language research) has been applied.

    With discontinuous encryption, the source data is divided into blocks, and only some of them are encrypted, at a set interval, while the blocks in between are left as they were. Unlike other encryption methods, it does not require the creation of additional data blocks or the use of placeholders. Discontinuous encryption allows victims' data to be processed extremely quickly, while still making it unusable.

    In September 2022, Sentinel Labs reported that discontinuous encryption was gaining traction in the ransomware space: all major gangs offer it to their customers as at least an option, and the notorious ALPHV/BlackCat group appears to have the most sophisticated implementation of this type of encryption.

    According to CyberArk, the company that developed and published the White Phoenix decryptor, this speed-oriented tactic has a weakness of its own: it leaves many blocks of the source files unencrypted, which creates the potential for free recovery.

    Ransomware operations using discontinuous encryption that White Phoenix can be used against include:

    • ALPHV/BlackCat;
    • Play;
    • ESXiArgs;
    • Qilin / Agenda;
    • BianLian;
    • DarkBit.

    CyberArk arrived at the White Phoenix algorithm after experimenting with partially encrypted PDF files. The researchers found that in certain encryption modes of the BlackCat ransomware, many objects in PDF files remained unaffected, which made it possible to extract data from them.

    After successfully recovering PDF files, CyberArk experts discovered similar recovery options for other data formats, including files that are structured as ZIP archives. These include Word (docx, docm, dotx, dotm, odt), Excel (xlsx, xlsm, xltx, xltm, xlsb, xlam, ods) and PowerPoint (pptx, pptm, potx, potm, ppsx, ppsm, odp) documents.

    Recovery of these file types is achieved using 7zip and a hex editor to extract unencrypted XML files of corrupted documents and then replace the data. White Phoenix automates all of the above steps for supported file types, although manual intervention may be required in some cases.

    It's important to note that White Phoenix doesn't always produce good results, even if it can theoretically decrypt the file. For example, if most of the file was encrypted, including critical components, the recovered data may be incomplete or useless. Therefore, the effectiveness of the tool is directly related to the degree of damage to the file.
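The ZIP-based recovery described above can be illustrated with a short carving routine; this is an added example, not CyberArk's White Phoenix code. The function names, the sample document and the 0xAA filler that stands in for encrypted blocks are constructed for the illustration.

```python
import io, struct, zipfile, zlib

LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature

def carve_entries(blob):
    """Recover {name: data} from intact local headers; the central directory is ignored."""
    found, pos = {}, blob.find(LOCAL_SIG)
    while pos != -1:
        head = blob[pos:pos + 30]
        if len(head) == 30:
            _, _, _, method, _, _, crc, csize, _, nlen, xlen = struct.unpack("<4s5H3I2H", head)
            name = blob[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
            start, data = pos + 30 + nlen + xlen, None
            try:
                if method == 8:    # deflate: the raw stream marks its own end
                    data = zlib.decompressobj(-15).decompress(blob[start:])
                elif method == 0:  # stored: take the size field, CRC decides below
                    data = blob[start:start + csize]
            except zlib.error:     # stream runs into an overwritten block
                pass
            # The header CRC-32 rejects partial output and chance signature hits.
            # Entries whose CRC sits in a trailing data descriptor are skipped here.
            if data is not None and nlen and zlib.crc32(data) == crc:
                found[name] = data
        pos = blob.find(LOCAL_SIG, pos + 4)
    return found

def build_sample():
    """Constructed stand-in for a .docx: a small deflated ZIP of XML parts."""
    names = ("[Content_Types].xml", "_rels/.rels", "word/document.xml",
             "word/styles.xml", "word/settings.xml", "docProps/core.xml")
    parts = {n: ("<part name='%s'>%s</part>" % (n, "<t>quarterly figures</t>" * 60)).encode()
             for n in names}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n, body in parts.items():
            zf.writestr(n, body)
    return parts, buf.getvalue()

def simulate_damage(blob, block=128, stride=512):
    """Constructed damage: filler over the first `block` bytes of every `stride` bytes."""
    out = bytearray(blob)
    for off in range(0, len(out), stride):
        out[off:off + block] = b"\xAA" * len(out[off:off + block])
    return bytes(out)

if __name__ == "__main__":
    parts, original = build_sample()
    print(sorted(carve_entries(simulate_damage(original))))
```

Only the parts whose header and compressed stream fall entirely between overwritten blocks come back, which is why the result depends on how much of the file was hit.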

    White Phoenix is already available for free download from the CyberArk public repository on GitHub.

    Author DeepWeb