
Ransomware app leaves decryption key on victim’s PC


If you’ve ever seen any TV shows like “World’s Wildest Police Videos,” then you know that not all criminals are detail-oriented masterminds. Apparently, there’s a ransomware program out there whose creator can be counted among that group as well.

Ransomware is a form of malware that encrypts a user’s files and demands a ransom, typically hundreds of dollars, before the victim can regain access to their data. One piece of ransomware, dubbed CryptoDefense, not only encrypts a victim’s files but also leaves the decryption key on the same PC, according to security firm Symantec.

CryptoDefense uses Windows’ built-in cryptographic API (CryptoAPI) to generate the RSA key pair it encrypts files with, and it sends the private key, the one needed to decrypt the files, to the malware handler’s server. What the author overlooked is that CryptoAPI keeps a copy of a key pair generated in a named key container in the user’s local key store on disk. So once the key has been uploaded to the attacker, it is still sitting on the infected machine, in plain form, where a knowledgeable victim can retrieve it.

“The malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec said.

However, because it takes a bit of technical know-how to locate and extract the decryption key, it’s unlikely that the average user hit by CryptoDefense would be able to break free of the malware’s shackles. Despite this one big flaw, Symantec asserts that CryptoDefense has earned its handlers a hefty sum of $34,000 in a single month.
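The two paragraphs above describe where the key ends up and why a victim would need some technical skill to recover it. The script below is an added example of the triage step an incident responder would actually run on an infected machine; it is not Symantec’s code and not part of the original article. It lists the CryptoAPI key container files in the current user’s key store (%APPDATA%\Microsoft\Crypto\RSA\<SID>\, one file per container) that were created or modified after a suspected infection time, preserves copies with SHA-256 hashes, and asks the CSP which container names it knows about. The cutoff time and evidence directory are assumptions you set for the case.

```powershell
<#
  Triage helper for a CryptoDefense-style infection: find CryptoAPI user key
  containers that were written to disk around the time of infection and
  preserve them before anything else runs on the box.
  Added example, not the malware author's, Symantec's or Digital Trends' code.
  The cutoff time and evidence folder below are assumptions; adjust per case.
#>
param(
    # Assumed: the earliest time the infection could have started.
    [datetime]$Since = (Get-Date).AddDays(-7),
    # Assumed: where preserved copies go. Prefer removable or network storage,
    # not the volume the malware is still encrypting.
    [string]$EvidenceDir = "$env:USERPROFILE\Desktop\keystore-evidence"
)

# CryptoAPI (CSP) keys generated in a named container for the current user are
# persisted here, one file per container. This is the location the malware
# author apparently overlooked when uploading the private key to the server.
$userKeyStore = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'

if (-not (Test-Path $userKeyStore)) {
    Write-Warning "No user key store at $userKeyStore; nothing to triage."
    return
}

# One subdirectory per user SID; a normal profile has exactly one.
$keyFiles = Get-ChildItem -Path $userKeyStore -Recurse -File -Force |
    Where-Object { $_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since } |
    Sort-Object CreationTime

if (-not $keyFiles) {
    Write-Host "No key container files created or modified since $Since."
} else {
    Write-Host "Key container files touched since ${Since}:"
    $keyFiles |
        Select-Object FullName, Length, CreationTime, LastWriteTime |
        Format-Table -AutoSize

    # Preserve copies and record hashes so the evidence can be verified later.
    New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null
    $sumsFile = Join-Path $EvidenceDir 'SHA256SUMS.txt'
    foreach ($f in $keyFiles) {
        $dest = Join-Path $EvidenceDir $f.Name
        Copy-Item -Path $f.FullName -Destination $dest -Force
        $hash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
        "$hash  $($f.FullName)" | Add-Content -Path $sumsFile
    }
    Write-Host "Copied $($keyFiles.Count) file(s) to $EvidenceDir (hashes in SHA256SUMS.txt)."
}

# The on-disk file name is not the container name. certutil reports the
# container names the CSP knows for this user, which is what you need to open
# a key programmatically (for example via .NET CspParameters with UseExistingKey).
Write-Host "`nContainers reported by the CSP for the current user:"
certutil -key -user
```

Run it from an elevated or the victim’s own session as early as possible, since any later cleanup by the malware or by a well-meaning user can remove the container. The root cause on the malware side is the choice of CryptoAPI key-acquisition mode: a key pair generated in a named container is written to this store, whereas a key pair created under CRYPT_VERIFYCONTEXT is held in memory only. Defenders should expect later ransomware families to have learned that lesson, so this check is worth running but is not a general recovery method.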


Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…