A Flawed Ransomware that Enables Victims to Evade Payment

A newly released strain of ransomware has been broken, allowing victims to evade payment and regain access to their locked data.

The Scraper ransomware is in fact TorLocker, which was discovered in October last year and given the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim’s files, including documents, video, images and database copies, and demands a ransom of at least $300 to unlock and decrypt them.

However, a flaw in the Scraper ransomware’s encryption algorithms means that in about 70 per cent of cases files can be decrypted without submitting to the attacker’s demands.

Kaspersky Labs scrutinized the ransomware strain in detail and noted in a blog post that victims can get their data back without giving in to demands for money.

The crypto-ransomware first appeared in an attack against Japanese users last year and later appeared in an English version. After landing on victims’ computer systems via the Andromeda botnet, the Trojan uses the Tor network and a proxy server to contact its owners.

After encrypting the files, the Trojan installs a wallpaper on the user’s desktop with a link to its executable file.

As explained by Kaspersky, “The user’s files are encrypted with AES-256 with a randomly generated one-time key; an individual encryption key is created for each file. Then, a 512-byte service section is added to the end of each file, which consists of 32 bytes of padding, 4 bytes of the Trojan’s identifier, and 476 bytes of the employed AES key encrypted with RSA-2048.”
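The service-section layout quoted above is enough to triage a folder of suspect files during incident response. The following Python sketch is an added example, not code from Kaspersky or from this article; it assumes the three fields appear in the order listed in the quote, and the identifier and key bytes in the sample data are constructed placeholders.

```python
from collections import defaultdict, namedtuple

TRAILER_LEN = 512                       # service section appended to each file
PAD_LEN, ID_LEN, KEY_LEN = 32, 4, 476   # field sizes from the Kaspersky quote
assert PAD_LEN + ID_LEN + KEY_LEN == TRAILER_LEN

Trailer = namedtuple("Trailer", "padding trojan_id wrapped_key payload_len")

def parse_trailer(data):
    """Split the last 512 bytes into the quoted fields (order assumed as listed).
    Returns None when the data is too short to carry a service section."""
    if len(data) < TRAILER_LEN:
        return None
    tail = data[-TRAILER_LEN:]
    return Trailer(padding=tail[:PAD_LEN],
                   trojan_id=tail[PAD_LEN:PAD_LEN + ID_LEN],
                   wrapped_key=tail[PAD_LEN + ID_LEN:],
                   payload_len=len(data) - TRAILER_LEN)

def triage(files):
    """files: {name: bytes}. Group names by the 4-byte identifier field and keep
    groups of 2+ files whose wrapped keys are all distinct, which is what
    per-file AES keys would produce. A match is a lead, not proof."""
    groups = defaultdict(list)
    for name, data in files.items():
        t = parse_trailer(data)
        if t is not None:
            groups[t.trojan_id.hex()].append((name, t.wrapped_key))
    suspects = {}
    for ident, members in groups.items():
        keys = {k for _, k in members}
        if len(members) >= 2 and len(keys) == len(members):
            suspects[ident] = sorted(n for n, _ in members)
    return suspects

# Constructed sample data: identifier and key bytes are placeholders.
SAMPLE_ID = b"\xAA\xBB\xCC\xDD"
def make_sample(body, key_fill):
    return body + bytes(PAD_LEN) + SAMPLE_ID + bytes([key_fill]) * KEY_LEN

SAMPLES = {
    "report.doc": make_sample(b"A" * 1000, 0x11),
    "photo.jpg": make_sample(b"B" * 2048, 0x22),
    "notes.txt": b"short clean file",            # under 512 bytes
    "clean.bin": bytes(range(256)) * 4,          # 1024 bytes, no trailer
}

if __name__ == "__main__":
    for ident, names in triage(SAMPLES).items():
        print(ident, names)
```

Because every file of at least 512 bytes has a "last 512 bytes", a single parsed trailer proves nothing; the recurring identifier across several files is what makes the grouping useful as a lead.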

Victims can re-download the malicious code and notify its operators that the ransom has been paid through a dedicated TorLocker window. The data is then sent through to a command and control (C&C) server which will respond with a private RSA key if money has changed hands. The ransomware supports payments made in Bitcoin, UKash and PaySafeCard.

Victims are pressured into paying by a timer that threatens to delete the key needed to decode the files.

Ehacking Staff