Woburn, MA – September 25, 2019 – Kaspersky has updated its RakhniDecryptor tool, now allowing users whose files were encrypted by Yatron and FortuneCrypt ransomware to retrieve their data without paying a ransom. The updated tool is available on the Nomoreransom.org website.
With new types of malware being developed rapidly by cybercriminals every day that victimizes users, ransomware is a dangerous threat to consumers and businesses alike. Once locked out of files, home users and corporations are at the mercy of empowered cybercriminals who demand substantial amounts of money to regain access to their information.
Yatron and FortuneCrypt are common examples of this kind of malware. Yatron is the part of a ransomware-as-a-service affiliate program and its developers were reported to use the infamous EternalBlue and DoublePulsar exploits as a propagation tool for the malware. While encrypting the victims’ files, this ransomware changes their extension to ‘.Yatron.’ Kaspersky’s new tool is capable of recognizing such files and bringing them back to a normal state.
The other variant of ransomware, FortuneCrypt, is unusual as it is written with a BlitzMax compiler based on publicly available information. It is a programming framework developed specifically for those involved in the first steps of video games development. Both ransomware variants contain issues in how they deal with the victims’ files allowing Kaspersky researchers to find ways of undoing the damage this malware caused.
“It would be too bold to say that both of these malicious programs can be regarded as significant developments in the ransomware threat landscape as they were not distributed too widely,” said Orkhan Mamedov, security expert at Kaspersky. “However, this doesn’t mean that the cybersecurity community shouldn’t pay attention to less successful strings of ransomware. The goal of a coordinated effort is not only to help victims retrieve their files, but also to make the business of ransomware itself as troublesome and costly for scammers as possible. The more threat families we defeat, the harder it is for cybercriminals to profit from their activity. The new decryption tools we’ve released are contributions to this goal and certainly won’t be the last.”
For those users who become victims of a ransomware attack and are left locked out of their files or devices, Kaspersky recommends taking the following steps:
- Do not pay the ransom if a device has been locked. Paying extortionate ransoms only encourages cybercriminals to continue their attacks.
- Contact your local law enforcement agency and report the attack.
- Try to find out the name of the ransomware Trojan. This information can help cybersecurity experts decrypt the threat and retain access to your files.
- Back-up your files so they can be recovered should an attack happen.
- Keep your cybersecurity solution up-to-date by always installing the latest software patches.
Both the Yatron and FortuneCrypt decryptors have been added to the Kaspersky RakhniDecryptor tool. They can be downloaded from the No More Ransom website, a project launched by the Dutch National Police, Europol, McAfee and Kaspersky in 2016. The project involves cybersecurity experts and law enforcement agencies working together to share solutions and stop the scourge of ransomware.