Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced it has cracked the code of DirCrypt, a widespread type of ransomware, enabling the recovery of individuals’ and organizations’ data and files without having to pay a ransom to criminals.
Ransomware has become a top security threat over the past few years, with a rapid evolution of variants and techniques. In a typical attack, cybercriminals infect networks and stealthily encrypt files so that users can no longer access them. They then demand a ransom to unlock the encrypted files and threaten to permanently lock the files if not paid quickly. Broadly used, these ransomware have infected large amounts of computers. For example, CryptoLocker, an infamous ransomware investigated by Check Point, infected over 530,000 machines, showing how rapidly these attacks can spread.
To fight this increasingly common type of attack, Check Point researchers look at ways to reverse the damage without having to pay a ransom. In this instance, they uncovered a flaw in the way DirCrypt ransomware was created, and more specifically how the cybercriminals implemented the cryptographic components of the malware. Exploiting the ransomware vulnerability allowed the researchers to reverse the encryption and restore the majority of the scrambled files.
“Ransomware has become a popular tactic with criminals because victims frequently have no idea how to deal with the attack, other than to pay the ransom. It is perhaps the most pure ‘evil’ form of malware in that it uses scare tactics to apply psychological pressure on the victims. Unfortunately, the more frequently ransoms are paid, the greater the incentive for malware creators to launch more ransomware attacks,” commented Michael Shalyt, malware research team leader at Check Point Software Technologies. “Often there are weaknesses in malware that can be used to reverse the damage it causes, and in the case of DirCrypt, we found it.”
A paper describing how Check Point’s researchers neutralized the DirCrypt ransomware, and outlining the steps to remediation is available to download from:
/download/public-files/TCC_WP_Hacking_The_Hacker.pdf
Check Point’s Malware and Vulnerability Research Groups regularly perform assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: /threatcloud-central/index.html
Follow Check Point via:
Twitter: www.twitter.com/checkpointsw
Feedback