This free ransomware decryption tool just got a handy update

Ransomware: Why paying the ransom is a bad idea for everyone in the long run
ZDNet’s Danny Palmer explains that some cyber-insurance companies encourage their clients to pay the ransom to get back up and running as quickly as possible – but here’s how this just causes more problems. Read more:

A free decryption tool for a form of ransomware which has plaguing victims 2017 has just been updated with additional capabilities to make it more effective at returning encrypted files – without the need to give into the demands of cyber criminals.

Paradise ransomware typically arrives in a malicious document attached to a phishing email, which if executed, will encrypt the victim’s files. Crooks then demand a ransom paid in bitcoin for their return.

Extensions of files locked with Paradise typically include  “.paradise”, “.2ksys19”, “.p3rf0rm4”, and “.FC” – and the ransomware can also encrypt back-ups in a move designed to ensure that the victim gives in and pays the ransom.

Security researchers at Emsisoft first released a free decryption tool for Paradise ransomware in November last year – and now they’ve updated it with additional capabilities to make it even more effective. Now the Paradise ransomware decryption tool can also decrypt files locked with “.stub”, “.corp” and “vacv2” extensions.

The decryption tool can be downloaded directly from Emsisoft – which as of January 2020, has been downloaded over 11,000 times. The Paradise decryptor is also downloadable via Europol’s ‘No More Ransom‘ portal.

Paradise is sold to prospective criminal users ‘as-a-service’, providing those distributing it in their own campaigns with a simple means of deploying attacks and collecting ransoms – with the original authors taking a cut of any ransoms which are paid.

SEE:  A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

Researchers at Bitdefender – who’ve also released a free decryptor for Paradise – note that when executed on a Windows machine, the ransomware will check whether the keyboard language is set to Russian, Kazakh, Belarus or Ukrainian; if this is the case, the ransomware won’t encrypt files and exits the system, something which likely points to the authors being from somewhere in this part of the world.

While victims of Paradise have the option to retrieve their encrypted files for free, ransomware remains successful because despite warnings from the authorities not to, a significant number of those organisations which fall foul of ransomware opt to give into the extortion demands of cyber criminals.

In many cases, organisations revert to this because they don’t have backups – or the ransomware has also encrypted their backups as part of the attack – and want to get their operations resumed as soon as possible. However, by making sure they have reguarly updated offline backups of their systems, organisations can avoid falling victims to this kind of malware.


Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *