Released a tool for recovering files encrypted by the ransomware Prometheus
CyCraft, a Taiwanese company, has released a free app to help victims of Prometheus ransomware recover encrypted files. The decryptor is published for download on GitHub.
The tool works by brute-force the encryption key used to encrypt the victim’s files.
“Prometheus ransomware uses Salsa20 to encrypt files with a random tick counter password. The random password is 32 bytes and each character is visible. Since the password uses a tick counter as a key, it can be calculated using brute force, ”CyCraft said.
The only drawback of the decryptor is that it can crack the cryptographic key only for small files. Despite this, however, the release of the tool appears to have had a huge impact on Prometheus operations.
The decryptor was released on July 13, 2021, and on the same day, the last publication was made on the Prometheus leaks site. After two weeks, the ransomware operators apparently curtailed their activities.
Prometheus ransomware was first detected in February this year. Before the group ended its activities, a list of more than forty victims was published on its leaks site. She attracted public attention after claims of her connection with the sensational group REvil. However, the reference to “star” ransomware was removed after the REvil attack on Kaseya.
Catch up on more articles here
Follow us on Twitter here