Unit221b secretly helped victims of Zeppelin ransomware for 2 years


Security professionals at Unit221b found weaknesses in the Zeppelin ransomware's encryption scheme and used them to build a working decryptor, which they have been using since 2020 to help victim companies recover their files without paying the attackers a penny. The work was carried out covertly so that the ransomware's operators would not learn about the weaknesses in their code.

Unit221b became determined to break Zeppelin after seeing its operators target charities, nonprofits and even homeless shelters. Malware analysis published by BlackBerry Cylance helped the company find the weaknesses in the ransomware.

The researchers noticed that Zeppelin uses an ephemeral 512-bit RSA key to encrypt the AES key, and it is this wrapped key that keeps the victim from reaching the encrypted data. The (RSA-encrypted) AES key is stored in the footer of each encrypted file, so anyone who could crack the RSA-512 key would be able to decrypt the files without paying the attackers.

Specialists from Unit221b found that the public key remained in the registry of the infected system for about five minutes after encryption finished. The key could be extracted in three ways: by carving the registry data out of the raw file system, from a memory dump of registry.exe, or directly from the NTUSER.Dat file in the "/User/[username]/" directory. The recovered data was obfuscated with RC4. Once the experts had stripped off this obfuscation layer, they had to overcome the last obstacle: the encryption layer using RSA-2048.

To clear this hurdle, Unit221b used a total of 800 CPUs across 20 servers, each working on a small portion of the key. Six hours later the key was cracked, and the analysts were able to recover the AES key from the footer of the file.
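The key hierarchy described above, as an added Python example (not Unit221b's decryptor or Zeppelin's code): each file's AES key is wrapped with the operator's ephemeral RSA key and appended as a footer, and once the factors p and q of the modulus are known, the private exponent follows and the footer unwraps. Assumptions not on the page: textbook RSA with no padding, a 128-bit AES key, a footer exactly as long as the modulus, and the factors coming from the script's own key generation in place of the six-hour cluster run.

```python
import random
from math import gcd

def is_probable_prime(n, rounds=20):  # Miller-Rabin, enough for a demo modulus
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 = 2**s * d with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if is_probable_prime(c):
            return c

def ephemeral_rsa(bits=512, e=65537):  # returns (n, e, p, q); the victim only sees n, e
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, p, q

def wrap_aes_key(aes_key, n, e):  # footer as the ransomware writes it (textbook RSA, assumed)
    return pow(int.from_bytes(aes_key, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def unwrap_footer(encrypted_file, n, e, p, q, key_len=16):
    """Decryptor side: with p, q from the factoring run, derive d and unwrap the footer."""
    k = (n.bit_length() + 7) // 8                       # footer length = modulus length
    body, footer = encrypted_file[:-k], encrypted_file[-k:]
    d = pow(e, -1, (p - 1) * (q - 1))                   # private exponent from the factors
    return body, pow(int.from_bytes(footer, "big"), d, n).to_bytes(key_len, "big")

def demo():
    n, e, p, q = ephemeral_rsa()
    aes_key = random.getrandbits(128).to_bytes(16, "big")     # per-file key (constructed)
    body = b"<AES ciphertext of the victim file, constructed placeholder>"
    got_body, got_key = unwrap_footer(body + wrap_aes_key(aes_key, n, e), n, e, p, q)
    return got_body == body and got_key == aes_key
```

With the AES key back in hand, the body would be handed to a normal AES decryption; the whole difficulty of the real case sits in the factoring step that this demo skips.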

Unit221b founder Lance James told BleepingComputer that the company decided to publish the details because the number of Zeppelin ransomware victims has dropped significantly in recent months. James said the decryption tool should work even against the latest versions of Zeppelin and will be available to any victim who submits a request.

Author DeepWeb