Answers to common security questions - Best Practices


This topic is locked. 19 replies to this topic.

#16 quietman7 (Bleepin' Gumshoe, Global Moderator, Topic Starter)

Posted 06 January 2021 - 09:06 PM

Ransomware Encryption: The math, time and energy required to brute-force an encryption key

Encryption is the process of encoding a message or information (converting a plaintext message into ciphertext) so that it can be decoded back into the original message only by authorized parties. An encryption algorithm along with a key is used in the encryption and decryption of data. There are several types of data encryption, and encryption schemes are typically based on block or stream ciphers.

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with, the type and strength of encryption used by the malware writers and a variety of other factors as explained here. All crypto-malware (ransomware) uses some form of encryption algorithm, most of which are secure and unbreakable. Thus, the possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Reverse engineering the malware itself does not guarantee experts will be able to crack it, especially if there isn't a known flaw, as noted here by Emsisoft's CTO, Fabian Wosar.

Malware developers typically use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals ensuring it is much harder to break unless at some point, law enforcement authorities track down, arrest the criminals, seize the C2 server, find and release the private RSA decryption keys to the public. Cyber-criminals are not likely to continue using methods which can easily be cracked.

 

Brute-forcing a decryption key is not possible (not a feasible option) with current technology and quantum computers capable of running Shor's algorithm. This is due to how the keys are generated using complicated math operations, an infinite number of possibilities to try and the length of time required to break a private encryption key. Some ransomware (such as Conti) will use a unique AES-256 encryption key per file which is then encrypted with a bundled RSA-4096 public encryption key unique to each victim. Experts believe we are 20-30+ years away from using quantum computers to break encryption. The inability to self-correct errors by copying encoded data over and over has been a major barrier to scaling up technology with Quantum Computers.

Without the criminal's master private encryption key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) that cannot be brute-forced...the public key alone that encrypted files is useless for decryption. In most cases, unless the keys are leaked or the criminals are arrested by the authorities and the keys are recovered, then provided to the public, there is no possibility that anyone can provide a decryption solution.

 

According to Emsisoft's CTO, Fabian Wosar some ransomware has been...

"...reverse engineered to death by the entire malware research community. If a flaw existed that enabled the encryption to be broken, it would almost certainly have been discovered a long time ago. To break Dharma within any of our lifetimes without having discovered a flaw would require access to a quantum computer that is capable of running Shor's algorithm. The highest number ever factorized using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma."

According to Demonslay335 (Michael Gillespie), a trusted Security Colleague (Expert), a ransomware researcher/analyst with the MalwareHunterTeam (Post #1307)

AES-192 and AES-256 are more or less resilient to quantum computing. AES-128 is the only version that would "possibly" be broken by quantum computing.

According to rivitna (Andrey Zhdanov), a Malware analyst, reverse engineer, APT researcher and programmer (Post #11993)

...to decrypt one file, you need to brute the 112-bit number (2^112 possible combinations).
For comparison:
Phobos - 256-bit number (2^256 possible combinations)
LockBit - 512-bit number (2^512 possible combinations)

Dr.Web: Encryption ransomware - Threat No. 1

According to Doctor Web's statistics, the probability of restoring corrupted files is roughly 1%... That means that most user data has been lost for good!

Decryption vs Data Recovery of Ransomware

 

Data Recovery is a process of salvaging (retrieving) inaccessible, lost, deleted, corrupted, damaged or formatted data as explained here. Since the Windows NTFS file system saves the file description information, that makes it easier for recovery software to find these files using that information. Data recovery software uses complex algorithms that search for pieces (fragments) of recoverable information left on the hard drive in order to guess where the file was originally physically stored. The recovery program then attempts to put back together that information in a salvageable format. However, if the data has been overwritten, complete recovery cannot be guaranteed. Data recovery does not decrypt encrypted data.

When dealing with ransomware, in some cases the use of file recovery software or JpegMedic ARWE may be helpful to recover (not decrypt) some of your original files but there is no guarantee that it will work. However, it never hurts to try in case the malware did not do what it was supposed to do. It is not uncommon for ransomware infections to sometimes fail to encrypt all data, fail to leave ransom notes, fail to delete all shadow copy snapshots, add an extension but fail to encrypt files or only execute partial encryption of large files, especially if the encryption process was interrupted by the victim (i.e. shutting down the computer), encountered encryption glitches, involved shoddy malware programming code or was hindered by installed security software.

 

Some ransomware (STOP Djvu, LockFile, BlackCat (ALPHV), Qyick, Agenda, Black Basta, LockBit 2.0, DarkSide, BlackMatter, Ryuk, Nemty, Play) only partially encrypt a file (first so many KB's at the beginning and/or end especially if it is very large). This is deliberate in order to avoid detection and encrypt the data as quickly as possible (before anyone notices) so it does not actually read/write/encrypt the entirety of data. 

Since only parts of the file may actually be encrypted, data recovery programs sometimes work to recover partial files with certain ransomware infections but do not work with those which overwrite data. With a few other types of ransomware, it is even possible to manually recover/reconstruct (file repair) certain file formats (i.e. .JPG and video files) since the malware only encrypts 150KB of the file as explained here by Demonslay335.

 

Unfortunately, partial (intermittent) encryption often results in file corruption and renders the encrypted data useless since the encryption is usually irreversible for these files...the encryption code overwrites part of the file with the encrypted data of another part and there is no way to restore the overwritten data.

Although it never hurts to try this approach, in the end you still may have no choice but to backup/save your encrypted data as is and wait for a possible solution at a later time.

 

Important Note: Keep in mind that the more you use your computer after files are deleted, encrypted or corrupted the more difficult it will be for data recovery programs to recover any deleted, unencrypted and uncorrupted data. The less that is done with the hard drive between the time of the data loss and the attempted recovery, the more likely it is that some or all of the files can be successfully recovered. The more the hard drive with the lost data is used, the less chances of recovery because there is a greater risk that new data can be written to the drive, overwriting and destroying deleted files that could have otherwise been recovered. When you delete a file, its content physically remains intact on the media, but the occupied space becomes marked as free. The next file saved to the disk may overwrite the contents of the deleted file. Therefore, the sooner that data recovery is attempted after a loss the greater the possibility that data can be successfully recovered. It is also very important to make sure that no application (including the recovery program) writes to the drive or partition where the deleted file is located since every new file may overwrite the deleted file.


The chances of success also will be greater if the drive is not defragmented and if you install and use a data recovery program on a drive other than the drive you want to recover files from (i.e. second hard drive, separate partition or USB flash drive); otherwise it could overwrite recoverable files. You could also "slave" the original hard drive and install the software on the new drive.

 

Data Recovery Tools


Updated: 02/20/24


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


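Two of the points in the post above lend themselves to a worked example: the keyspace sizes quoted for brute-forcing (2^112, 2^256, 2^512 candidates) and the partial (intermittent) encryption described under Decryption vs Data Recovery, where only the first so many KB of a file are overwritten with ciphertext. The Python below is an added example, not code from the post or from any researcher it quotes. It computes the expected brute-force time for a given key length at an assumed guess rate (1e12 guesses per second, far beyond what any real key-unwrap or file-decrypt trial could achieve), and it runs a per-chunk Shannon entropy scan over a file to locate the ciphertext region so you can see how much of a partially encrypted file is still plaintext. The chunk size, the 7.0 bits/byte cut-off and the sample file are all assumptions; the sample is constructed in the code and is not a real ransomware artifact.

```python
import math
import random
from collections import Counter

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def brute_force_years(key_bits, guesses_per_second=1e12):
    """Expected years to recover a uniformly random key of `key_bits` bits by
    exhaustive search. On average half the keyspace (2**(key_bits-1)) must be
    tried. The guess rate is an assumption for illustration only."""
    return 2 ** (key_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_chunks(data, chunk_size=4096, threshold=7.0):
    """Entropy of each fixed-size chunk. A chunk at or above `threshold` bits/byte
    (an assumed cut-off) is flagged as looking like ciphertext. Returns
    (offset, entropy, flagged) per chunk."""
    result = []
    for off in range(0, len(data), chunk_size):
        e = shannon_entropy(data[off:off + chunk_size])
        result.append((off, e, e >= threshold))
    return result


def encrypted_regions(data, chunk_size=4096, threshold=7.0):
    """Merge flagged chunks into (start, end) byte ranges of suspected ciphertext.
    Everything outside these ranges is what recovery/repair tools can still use."""
    regions, start = [], None
    for off, _, flagged in scan_chunks(data, chunk_size, threshold):
        if flagged and start is None:
            start = off
        elif not flagged and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


# Constructed plaintext line for the sample document (low entropy, like most office files).
PLAINTEXT_LINE = b"2023-Q4 ledger: invoice 1042 paid, balance 12.50, status OK\n"


def build_sample(total_size=65536, encrypted_prefix=16384, seed=1):
    """Constructed sample (not a real ransomware artifact): a text document whose
    first `encrypted_prefix` bytes were overwritten with seeded pseudo-random bytes,
    standing in for the ciphertext that header-only intermittent encryption leaves."""
    body = (PLAINTEXT_LINE * (total_size // len(PLAINTEXT_LINE) + 1))[:total_size]
    rng = random.Random(seed)
    fake_ciphertext = bytes(rng.getrandbits(8) for _ in range(encrypted_prefix))
    return fake_ciphertext + body[encrypted_prefix:]


if __name__ == "__main__":
    for bits in (112, 128, 256, 512):
        print(f"{bits}-bit key: ~{brute_force_years(bits):.2e} years at 1e12 guesses/s")
    sample = build_sample()
    for off, e, flagged in scan_chunks(sample):
        print(f"offset {off:6d}: {e:4.2f} bits/byte  {'ciphertext?' if flagged else 'plaintext'}")
    print("suspected encrypted byte ranges:", encrypted_regions(sample))
```

Two caveats when using this on real files: the entropy scan only separates ciphertext from low-entropy content, so already-compressed formats (JPEG, video, ZIP-based Office documents) read as high entropy whether or not they were touched and need format-aware repair instead; and a file that the malware rewrote in place (ciphertext of one part written over another part, as described above) may show the same entropy profile as one that is merely truncated, so treat the ranges as a starting point for recovery, not proof of what survived.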


#17 quietman7

Posted 13 November 2023 - 10:39 AM

Should you pay the ransom?

 

Most security experts will advise against paying the ransom demands or engaging in negotiations with the criminals because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. Every time a victim pays, the payment reinforces the criminals' faith in their business model. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain and continue to target other victims. Making ransomware unprofitable is an effective way to stop these criminals.

 

Further, there is never a guarantee that negotiating or paying the ransom will actually result in decryption (restoration) of your files. Even if you're willing to pay ransom demands, sometimes you may not be able to do so if the encryption process corrupted the files, the criminals do not send the key and/or decrypter or they abandon the TOR site in their ransomware notice. The criminals may demand a second ransom payment in addition to or after paying the first ransom demand. In some cases the criminals have no intention of decrypting your files after payment no matter how much you cooperate since they never intended on providing a means to recover victim’s files in the first place. Security experts have reported a more insidious phenomenon where data is destroyed in the ransomware attack leaving victims no option to recover it, even if they pay the ransom.

 

US-CERT and the FBI have stated "We do not encourage paying a ransom". Other government agencies and major security vendors say the same.

In November 2023, during the third annual meeting of the International Counter Ransomware Initiative, a US-led global campaign to develop the cooperative resilience of member nations and thwart the efforts of malicious cyber hackers, member nations announced their commitment to not paying ransom payments to hackers.

 

One more reason not to pay is that after a 2018 Department of Justice grand jury indictment against Iranian hackers, paying the ransom may violate U.S. sanctions and U.S. victims and companies may face legal ramifications for paying the ransom.

When dealing with the malware developers, some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Others have reported they paid the ransom but the cyber-criminals did not provide a decryptor or a key, or indicated the decryption software and/or key they received did not work, did not work properly (malfunctioned, was defective or fake), resulted in errors or caused more damage (file corruption). Still other victims reported paying the ransom only to discover the criminals demanded more money for a key after paying for a decrypter, demanded additional payments but never provided a solution, demanded two ransoms, refused to decrypt files after payment, erased data after payment or could not decrypt the files.

 

The criminals may be willing to engage in negotiations, offer to reduce the ransom demand or tell victims to post on this forum board with the promise of a discount. In some cases the criminals engage in extortion....threaten to destroy (delete) encrypted data or threaten to expose, leak or publish the data if the ransom is not paid. With these increasing threats to leak and actually publish stolen data, malware developers are now demanding a second ransom not to publish files stolen in an attack and even creating sites to leak stolen data.

Many criminals provide instructions in the ransom note that allow victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all and decryption of very large files may be unsuccessful (due to partial (intermittent) encryption) even with the criminal's decryption tool as explained here. In other cases victims may actually be dealing with scam ransomware or a wiper (files completely overwritten) where the ransomware developers have no intention or capability of decrypting files after the ransom is paid.

 

If dealing with double (multiple) encryptions, that means dealing with all the ransomwares, ransom demand payments and different decryptors in order to decrypt data if the encryption is caused by different ransomware families....making your chances of decryption even more unlikely if you decide to pay the criminals or cannot pay them. Ransomware does not care about the contents of the data or whether your files are already encrypted...it will just re-encrypt them again and again if it has access.

 

Note: If victims are dealing with a NAS (Network Attached Storage) Linux-based device, the malware most likely infected a Windows-based machine and encrypted the NAS over the network. The criminals could also connect via Samba/SMB (Server Message Block) and run the malware from their system to encrypt files over the Internet which essentially is the same as encrypting files over a network-mapped drive.

 

Ransomware victims should keep all this in mind if they are considering paying the ransom since there is never a guarantee decryption will be successful or that the decryptor provided by the malware developer will work as they claim. Using a faulty (malfunctioning, defective) or incorrect decryptor (one intended for another specific type of ransomware) may cause additional damage and corrupt the encrypted files, thus decreasing your chances for recovering data. The criminals may even send you something containing more malware or a fake decryptor...so why should you trust anything provided by those who infected you to begin with?

 

Also keep in mind that security experts have had some success finding and exploiting flaws in ransomware, sometimes through reverse engineering and sometimes just plain luck which allow the creation of free decryption tools. Law enforcement authorities have had some success arresting cyber-criminals utilizing various techniques, seizing their C2 servers and releasing the database of master private keys to the public which enable security experts to create a decryption tool. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time. Some of them have even released the keys here at Bleeping Computer by posting them in forum topics.

When it comes to ransomware, patience pays when you don’t pay!

...law enforcement and the IT security industry are working 24/7 to identify the perpetrators of these crimes. It is common for law enforcement to seize servers, laptops and other evidence that can lead to a breakthrough. These seizures can often uncover master keys to a given type of ransomware, or enough evidence to significantly help the development of a public decryption tool. Also, there is an active global network of security researchers that work on these problems. These researchers are aided by victims who submit samples, peer security firms, and law enforcement in collecting the necessary resources to build new decryption tools. The lesson is that if you can afford to wait, you should.

With that said, we certainly understand some ransomware victims and their IT Managers may feel they have no other alternative but to take a chance and pay the ransom or use a disaster recovery service even at great cost in hopes of recovering irreplaceable personal, business or other important data. The permanent loss of such data could mean certain financial or other ruin for some victims and businesses. Further, many large organizations (cities, schools, and hospitals) and businesses have more financial resources and insurance to protect them so they are more willing to pay the ransom demands to decrypt their files as explained here. That is a choice and a decision each affected victim will have to make for themselves. We will not make any judgments for doing so.

The IT security community may advise against paying the ransom as a means of removing the incentive for cybercriminals to engage in this kind of scam. But that is usually the last thing on the minds of IT decision makers who just want to get their files back and get back to work. For an organization that faces losing weeks' or months' worth of data, they can write off the expense as a learning experience.

 

Important Note: If you are thinking about hiring and/or using data recovery services...

 

Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. We have no way of knowing the background, expertise and motives of all companies or individuals who indicate decryption is possible. We have no way of vetting whether a person has a true technical method of recovering files, is scamming users by just paying ransoms for the key, or are the ransomware operators themselves. For the same reason, members are discouraged from providing remote access to unknown individuals or to provide data that could potentially be stolen. We advise to be cautious with whomever you are dealing with, what services they are able to provide and what claims they make before sending money or paying a fee to anyone. Please read my comments in this topic (Post #675) for more information as to what we know about those who claim they can decrypt data.

 

While the individual or company may be legitimate, our experts have found that many who claim they can decrypt your files actually represent data recovery services which act as a "middleman"...they just pay the criminals...pretend they cracked the decryption and charge the victim more than the ransom demands, in many cases not telling them that is how they acquired the means of decryption. Other data recovery services hide the actual ransom cost from clients and/or mark the cost up exponentially as noted here. Many data recovery services instruct victims to submit one or two limited size files for free decryption as proof they can decrypt the files with claims of 100% guaranteed success, collect the victim's money and are never heard from again. The criminals behind creating and spreading ransomware do the same.

 

Some data recovery services like Fast Data Recovery have even been reported to make false claims to be able to decrypt data encrypted by ransomware which is not decryptable and charge an assessment fee.

 

The Register article goes on to say that Brett Callow of Emsisoft....

....broke off contact with the firm [Fast Data Recovery], but the case smells similar to other companies claiming to be able to decrypt ransomware when all they do is act as a middleman, taking money on the pretence of "decrypting" ransomware, then paying the ransom and in turn banking a margin for doing so

Experts have identified Proven Data, Red Mosquito, MonsterCloud, Dr. Shifro and Fast Data Recovery as some of the most dishonest and predatory data recovery services.

 

Connecticut-based Coveware CEO Bill Siegel refers to such data recovery services as "ransomware payment mills".

These ransomware payment mills demonstrate how easily intermediaries can prey on the emotions of a ransomware victim. They advertise guaranteed decryption without having to pay the hacker. Although it might not be illegal to obfuscate how encrypted data is recovered, it is certainly dishonest and predatory.

We advise everyone to be cautious with whomever you are dealing with, what services they are able to provide and what claims they make before sending money or paying a fee to anyone.

 

WARNING: Promoting "ransomware recovery services" at BleepingComputer is strictly prohibited and will lead to the banning of accounts and the removal of posts as noted here by the site owner (Lawrence Abrams).

 

Ransomware victims should IGNORE (not reply back, deal with or negotiate payments with) anyone who may contact them via Private Message (PM) on this forum or by email making claims they can decrypt your data. Any solicitation for donations or fees (in regards to decryption of ransomware) via email or PM should be reported to BC Moderators or Admin using the report button.

 

 


Reporting Ransomware

 

FBI says: Victims Aren't Reporting Ransomware Attacks

Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report, released yesterday by the FBI’s Internet Crime Complaint Center (IC3)...FBI urges victims to file official complaints.
According to the US Government (CISA), victims of ransomware should report it immediately to the FBI, CISA or the Secret Service.
 
Victims may also want to file a report with the No More Ransom (NMR) Project, Report a Crime (includes links to other countries).
 
Reporting Scams & Scam Channels
Updated: 02/20/24



#18 quietman7

Posted 29 November 2023 - 11:25 AM

Submitting Ransomware Samples

 

In some cases crypto malware experts/researchers need a sample of the malware file itself to analyze in order to properly identify the ransomware before anyone can ascertain if they can help. Samples of any suspicious executables (installer, malicious files) that you suspect were involved in causing the infection can be submitted (uploaded) to VirusTotal; then provide a link to the results in the topic where you are receiving assistance. This is the safest way of sharing malware since only vetted researchers can access it.
 
The need for a malware sample is especially true for the following scenarios:

  • Without a ransom note (and its contents), or if there is no extension or filemarker in the encrypted files, or if this is something new.
  • When the extension is random or generic and there is no filemarker in the encrypted files, it is almost impossible to identify the infection without a sample of the malware itself or the ransom note.

These are some common folder variable locations malicious executables, .dlls and related files are known to hide:

  • %SystemDrive%\ (C:\)
  • %SystemDrive%\Downloads (C:\Downloads\)
  • %SystemRoot% (C:\Windows, %WinDir%)
  • %UserProfile% (C:\Users\User Name\)
  • %UserProfile%\Downloads (C:\Users\User Name\Downloads\)
  • %UserProfile%\AppData\Roaming\
  • %AllUsersProfile% (C:\ProgramData\)
  • %AppData% (C:\Users\User Name\AppData\Roaming\)
  • %LocalAppData%\Temp\ (C:\Users\User Name\AppData\Local\Temp\)
  • %LocalAppData% (C:\Users\User Name\AppData\Local\)
  • %ProgramData% (C:\ProgramData\ and subfolders)
  • %Temp% (C:\Windows\Temp for the system account, %LocalAppData%\Temp for a user account)

Note: Some folders like %AppData% are hidden by the operating system so you may need to configure Windows to show hidden files & folders.
 
Also check the history logs and quarantine folders for your anti-virus and other security scanning tools to see if they found and removed any malware possibly related to the ransomware.
 
IT folks and advanced users who are ransomware victims can use Farbar Recovery Scan Tool (FRST), an advanced specialized tool designed to investigate for malicious files. FRST logs provide detailed information about your system, registry loading points, services, driver services, Netsvcs entries, known DLLs, drives, partition specifications and will also list system files that could be patched by malware. DO NOT post FRST logs...they are not permitted in this forum.

 
Note: It is not uncommon for the malware responsible for some ransomware infections to intentionally delete itself (the malicious payload) after the encryption process has been executed so that the files cannot be analyzed and decrypted. If that is the case, victims may not find any malicious executables.
 
Note: For victims who are dealing with a NAS (Network Attached Storage) Linux-based device, the malware most likely infected a Windows-based machine and encrypted the NAS over the network. The criminals could also connect via Samba/SMB (Server Message Block) and run the malware from their system to encrypt files over the Internet which essentially is the same as encrypting files over a network-mapped drive.



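To pull candidate samples out of the folders listed in the post above, the following Python script is an added example; it is not code from the post, from BleepingComputer or from any tool the post names (FRST, VirusTotal). It expands the folder variables, lists recently modified files with executable-type extensions under them, and prints each file's SHA-256 so the hash can be searched on VirusTotal before anything is uploaded. The extension list, the 7-day window and the directory depth limit are assumptions to adjust per case; on a host where the Windows variables do not expand it falls back to a small folder of constructed test files so the logic can still be exercised.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# The folder variables from the post above, in the form Windows expands them.
CANDIDATE_DIRS = [
    "%SystemDrive%\\",
    "%SystemDrive%\\Downloads",
    "%SystemRoot%",
    "%UserProfile%",
    "%UserProfile%\\Downloads",
    "%UserProfile%\\AppData\\Roaming",
    "%AllUsersProfile%",
    "%AppData%",
    "%LocalAppData%",
    "%LocalAppData%\\Temp",
    "%ProgramData%",
    "%Temp%",
]
# Assumed set of file types worth pulling for analysis; extend as needed.
SUSPECT_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".msi"}


def expand_dirs(templates=CANDIDATE_DIRS):
    """Expand %VAR% templates; skip ones this host does not define or that do not exist."""
    found = []
    for template in templates:
        expanded = os.path.expandvars(template)
        if "%" in expanded:            # variable unknown on this host (or not Windows)
            continue
        path = Path(expanded)
        if path.is_dir() and path not in found:
            found.append(path)
    return found


def sha256_file(path, chunk=1 << 20):
    """Read-only hash of a file; reading never writes to the victim drive."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_recent_executables(dirs, since_seconds=7 * 86400, now=None, max_depth=2):
    """Files with a suspect extension modified within `since_seconds`, newest first.
    Each hit carries size and SHA-256 so it can be looked up before uploading."""
    now = time.time() if now is None else now
    hits = []
    for base in dirs:
        base = Path(base)
        for root, subdirs, files in os.walk(base):
            if len(Path(root).relative_to(base).parts) >= max_depth:
                subdirs[:] = []        # stop descending past the depth limit
            for name in files:
                path = Path(root) / name
                if path.suffix.lower() not in SUSPECT_EXT:
                    continue
                try:
                    st = path.stat()
                except OSError:        # vanished, or access denied
                    continue
                if now - st.st_mtime <= since_seconds:
                    hits.append({"path": str(path), "size": st.st_size,
                                 "mtime": st.st_mtime, "sha256": sha256_file(path)})
    hits.sort(key=lambda h: h["mtime"], reverse=True)
    return hits


def build_sample_tree():
    """Constructed fixture (not real malware): a temp folder holding a fresh .exe,
    a month-old .dll and a text file, so the scan can be demonstrated off Windows."""
    root = Path(tempfile.mkdtemp(prefix="rw_triage_"))
    now = time.time()
    (root / "updater.exe").write_bytes(b"MZ-constructed-sample")
    old = root / "old.dll"
    old.write_bytes(b"MZ-old-library")
    os.utime(old, (now - 30 * 86400, now - 30 * 86400))
    (root / "readme.txt").write_text("not an executable\n")
    return root


if __name__ == "__main__":
    dirs = expand_dirs() or [build_sample_tree()]
    for hit in find_recent_executables(dirs):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(hit["mtime"]))
        print(f"{stamp}  {hit['size']:>9}  {hit['sha256']}  {hit['path']}")
```

Run it from a responder account and copy any hits off the machine rather than opening them; hashing only reads, which keeps with the advice above not to write to a drive you may still want to recover from. Where the payload deleted itself after encrypting, as the post notes it often does, the list will be empty and the anti-virus quarantine and history logs are the next place to look.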

#19 quietman7

Posted 15 December 2023 - 08:54 PM

Brief History of Ransomware - Operating Systems Targeted by Ransomware

The first known ransomware attack was in 1989 by the AIDS Trojan which spread via floppy discs containing malicious code that installed itself onto MS-DOS systems. Ransomware then reemerged in 2005–2009 with the Archiveus Trojan and GPcode attacking the Windows operating systems. Ransomware began to go more widespread from 2009-2013 with the emergence of cryptocurrencies such as Bitcoin. In 2012 a variant of the Archiveus Trojan and Reveton worm was reported to target macOS with a noncryptographic attack.

Although ransomware has been around for many years, the financial success of CryptoLocker (Crilock), which appeared in the beginning of September 2013, gave it widespread media attention because it demonstrated how these infections could generate a large profit for criminals. This in turn led to a significant increase in various other families of ransomware, including CryptoWall in July 2014, CTB-Locker (Critroni) in July 2014, TeslaCrypt in February 2015 and Cerber in March 2016.

 

Simplified chronological table Ransomware Development (2013-2016) by Amigo-A (Andrew Ivanov) [image: RansomwareHistory.png]
 

Various types of new ransomwares appeared after 2016 but Windows remained the primary target since Linux and macOS were more secure and not widely used. The first successful cryptographic ransomware attack (KeRanger) on macOS occurred in 2016.

 

Operating Systems Targeted by Ransomware:...Windows, Linux and macOS

Traditionally malware was ineffective against Linux and Apple macOS X because most malware was not created to attack these operating systems. Linux and Apple Mac still occupy a very small share of the market when compared to the Windows platform. Malware writers prefer to write (design) malicious software which will attack and infect the widest audience range which currently is comprised of Windows users. 

 

Starting around 2017, the criminals set their sights on other operating systems like Linux and macOS and ransomware attacks increased considerably so these operating systems are not completely immune to malware infection, ransomware and exploits anymore. Linux servers in particular face potentially greater danger from infection since servers are a common attack vector used by those involved with the development and spread of ransomware. Most Linux attacks focus on exploiting vulnerabilities and RDP bruteforce attacks.

Linux is not immune to Ransomware/Malware:

macOS is not immune to Ransomware/Malware:

There are several ransomwares which are known to target QNAP NAS/Synology NAS devices to include eCh0raix (QNAPCrypt/Synology NAS), Muhstik (QNAP NAS), MARS (NAS), Qlocker (QNAP NAS), Bonsoir (QNAP NAS), Seven/7even Security, 0XXX (NAS), Polaris Ransomware (Linux servers), AgeLocker (QNAP NAS), Decryptiomega (NAS), HR (NAS) Ransomware and others.
 
For victims who are dealing with a NAS (Network Attached Storage) Linux-based device, the malware most likely infected a Windows-based machine and encrypted the NAS over the network. The criminals could also connect via Samba/SMB (Server Message Block) and run the malware from their system to encrypt files over the Internet which essentially is the same as encrypting files over a network-mapped drive. Attackers have been known to exploit the SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On and Hard-Coded Credentials Vulnerability in HBS 3 Hybrid Backup Sync to execute the ransomware on vulnerable devices. Hacking passwords, OpenSSH vulnerabilities, exploiting security vulnerabilities and software are common attack vectors.

 

Updated: 05/20/24




#20 quietman7 (Bleepin' Gumshoe, Topic Starter, Global Moderator, 62,051 posts, Virginia, USA)

Posted 14 June 2024 - 05:01 PM

Release History of Master Keys/Decryptors for some major ransomwares

 

Security experts have had some success finding and exploiting flaws in ransomware, sometimes through reverse engineering, which allows the creation of free decryption tools. However, reverse engineering the malware itself does not guarantee experts will be able to crack it, especially if there isn't a known flaw, as noted here by Emsisoft's CTO, Fabian Wosar. Law enforcement authorities have had some success arresting cyber-criminals utilizing various techniques, seizing their C2 servers and releasing the database of private (e.g. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) keys to the public, which enables security experts to create a decryptor tool. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time. Some of them have even released the keys here at Bleeping Computer by posting them in forum topics.
 
Although many local law enforcement agencies have cyber security units, they typically work closely with federal authorities, which also work in partnership with Europol and other foreign investigative agencies as well as private security organizations. For example, the No More Ransom (NMR) Project is a partnership of security experts...EC3, Politie, CERT.PL (CERT POLAND), Check Point, ElevenPaths, CISCO, anti-virus vendors (McAfee, Kaspersky, Avast, Bitdefender, Emsisoft, Trend Micro, ESET, F-Secure), BleepingComputer, numerous law enforcement agencies and various public and private entities (e.g. Acronis, CERT, Coveware, etc.) from around the world, with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
 
This partnership includes collaboration and working together in order to track down, arrest and gain access to ransomware developers' Command & Control servers, allowing experts to perform forensic analysis on the server and retrieve some of the victims' decryption keys. The seizure of master keys has enabled anti-virus vendors and their forensic research teams to create decryptor tools for previously undecryptable ransomware such as TeslaCrypt, Crysis, HildaCrypt, Muhstik, Shade (Troldesh), CryptoLocker, GandCrab, Fonix, Ziggy and others.
 
So while decryption of your data may seem like an impossibility at the moment, there is always hope that someday there may be a potential solution.

 

Updated: 06/14/24 - Release history of Master Keys for some major ransomwares:

 

In June 2014, the U.S. Justice Department announced the successful takedown of the Gameover Zeus Botnet (ZBOT), which was responsible for the distribution of CryptoLocker. This multi-national effort included seizure of CryptoLocker servers by U.S. and foreign law enforcement officials working together. Thereafter, the master decryption keys for CryptoLocker were found and released during Operation Tovar, which allowed FireEye and Fox-IT to provide a method of possibly retrieving a victim's private decryption key and a decryptor to use to decrypt their files.
 
In May 2016, the master decryption key for TeslaCrypt was released by the criminal developers after they shut down and posted it on their now defunct payment site. This allowed BloodDolly, a trusted Security Colleague and crypto malware expert, to update TeslaDecoder to version 1.0 so that it could decrypt version 3.0 and version 4.0 of TeslaCrypt encrypted files.
 
In November 2016, the master decryption keys for older variants of Crysis Ransomware were released on the BleepingComputer.com forums most likely by one of the developers of this ransomware.
 
In March 2017, the master decryption keys for Dharma (CrySiS) .dharma were released on the BleepingComputer.com forums in the same manner as the older variants.
 
In May 2017, the master decryption keys for Dharma (CrySiS) .wallet, .onion were released on the BleepingComputer.com forums again in the same manner as previous variants. The release of these keys allowed Kaspersky, ESET, Trend Micro and Avast to create decryptor tools.
 
In May 2017, the master decryption keys for AES-NI Ransomware were leaked to security expert thyrex (Alex Svirid) via a private message on a Russian forum. AES-NI victims can use the decrypter included in the download package to unlock their files. Avast released an alternative decrypter for victims of both AES-NI and XData using the leaked keys. ESET also released a decrypter tool for victims of both AES-NI and XData.
 
In February 2018, it was reported that the Romanian Police, Europol, DIICOT and other investigative agencies working together were able to track down and gain access to the criminals' Command & Control servers, which allowed them to perform forensic analysis on the server and retrieve some of the victims' decryption keys for these variants. The seizure of these keys (and subsequent collaboration efforts) allowed Bitdefender Labs to create and release a GandCrab Ransomware Decryption Tool for victims of V1.
 
In October 2018, Bitdefender released a free Decryptor Tool for GandCrab V4 and V5 as a result of collaboration between several law enforcement organizations, including the Romanian Police, Europol and counterparts from other countries (Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom, and the United States). The investigation and collaboration of these partners allowed Bitdefender to update their decryptor tool to support more variants.
 
In January 2019, the master decryption keys for FilesLocker Ransomware were released, which allowed Demonslay335 (Michael Gillespie) to create a decryptor that can decrypt files encrypted by version 1 and 2 with the .[fileslocker@pm.me] extension appended to their file names.
 
In February 2019, Bitdefender released a free Decryptor Tool for GandCrab V5.1. Again, this was possible as a result of collaboration with the Romanian Police, Europol and other law enforcement agencies, which allowed Bitdefender to update their decryptor tool to support the V5.1 variant.
 
In October 2019, the master decryption keys for HildaCrypt Ransomware were released by the criminal developers. This allowed Emsisoft to create a free decryptor for victims of HildaCrypt.
 
In October 2019, the master decryption keys for Muhstik Ransomware were released after a victim hacked the criminals. This allowed Emsisoft to create a free decryptor for victims of Muhstik.
 
In April 2020, the master decryption keys for Shade (Troldesh) Ransomware were released after the criminals created a GitHub repository and shut down their operation. The developers stated that they stopped distributing the ransomware at the end of 2019 and provided instructions on how to recover files using the released keys.
 
In January 2021, the master decryption keys for Fonix ransomware were released along with an admin tool after the FonixTeam shut down their operation. This allowed Emsisoft to create a free decryptor for victims of this infection.
 
In February 2021, the master decryption keys for Ziggy Ransomware were released along with a decryptor and SQL file after the criminals shut down their operation. This allowed Emsisoft to create a free decryptor for victims of this infection.
 
In June 2021, the master decryption keys for Avaddon Ransomware were released to BleepingComputer.com when the criminals shut down their operation. After confirming the decryption keys were authentic, Emsisoft released a free decryptor that all victims can use to recover their files for free.

 
In September 2021, the FBI secretly obtained the REvil Ransomware digital key through access to the servers of the Russia-based criminal gang behind the July attack. This allowed Bitdefender to create and release a free master decryptor for the REvil Ransomware, allowing all victims encrypted before July 13th to recover their files for free.
 
In October 2021, leaked source code and leaked decryption keys allowed Avast Threat Labs to create and release a Babuk Decryption tool for victims with files encrypted by the .babuk, .babyk, .doydo variant extensions.
 
In November 2021, Romanian law enforcement authorities arrested Sodinokibi/REvil ransomware affiliates. On the same day, Kuwaiti authorities also arrested a GandCrab ransomware affiliate. In total, together with the ones apprehended on November 4, authorities arrested seven suspects linked to REvil and GandCrab since February 2021.
 
In February 2022, the master decryption keys for Maze, Egregor, and Sekhmet were released on the BleepingComputer.com forums by someone claiming to be the ransomware developer. The poster said that this was a planned leak and not related to recent law enforcement operations that led to the seizing of servers and the arrests of ransomware affiliates. The release of the master keys allowed Emsisoft to create a free decryptor for victims of Maze, Egregor and Sekhmet ransomware.
 
In February 2022, the master decryption keys for Meow Ransomware were published on a Russian-speaking forum where the threat actors released a cache of 258 private keys from a modified version of the Conti ransomware. The forum post contained a link to an archive containing decryption keys, decryptor executables, and the decryptor source code. This allowed Kaspersky Labs to update their RakhniDecryptor to recover files encrypted by the modified Conti variant that used the .PUTIN, .KREMLIN, .RUSSIA extensions of this ransomware.
 
In January 2023, the US Department of Justice and Europol announced that an international law enforcement operation infiltrated the Hive ransomware gang's infrastructure, which allowed them to obtain and distribute Hive decryption keys for some victims.
 
In December 2023, the US Department of Justice seized websites for the ALPHV/BlackCat ransomware operation and created a decryptor to help 500 companies recover their data for free.
 
In May 2024, law enforcement was able to obtain numerous LockBit decryption keys, stolen victim data and cryptocurrency addresses as part of Operation Cronos, which allowed seizure of LockBit infrastructure.
 
In June 2024, the FBI recovered 7,000 LockBit keys victims can use to recover encrypted data for free. Authorities are encouraging anyone who suspects they were a victim to visit the Internet Crime Complaint Center (IC3) at ic3.gov.
 

When it comes to ransomware, patience pays when you don’t pay!

...law enforcement and the IT security industry are working 24/7 to identify the perpetrators of these crimes. It is common for law enforcement to seize servers, laptops and other evidence that can lead to a breakthrough. These seizures can often uncover master keys to a given type of ransomware, or enough evidence to significantly help the development of a public decryption tool. Also, there is an active global network of security researchers that work on these problems. These researchers are aided by victims who submit samples, peer security firms, and law enforcement in collecting the necessary resources to build new decryption tools. The lesson is that if you can afford to wait, you should.

