1 min read

Cybersecurity Researchers Crack Rhysida Ransomware, Release Decryption Keys


February 13, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Cybersecurity Researchers Crack Rhysida Ransomware, Release Decryption Keys

Cybersecurity experts discovered a vulnerability in Rhysida ransomware that lets them rebuild encryption keys and unscramble documents ciphered by the infamous ransomware.

South Korean Researchers Cracked Rhysida

The discovery was made by a team of South Korean researchers from Kookmin University and the Korea Internet and Security Agency, including Giyoon Kim, Soojin Kang, Seungjun Baek, Kimoon Kim and Jongsung Kim.

“We performed an in-depth analysis of Rhysida Ransomware,” reads the research team’s paper. “Through a comprehensive analysis of Rhysida Ransomware, we identified an implementation vulnerability, enabling us to regenerate the encryption key used by the malware. Subsequently, we developed a recovery tool for systems infected with Rhysida ransomware, which requires no additional information.”

Encryption Keys Revealed, Recovery Tool Now Available

The malicious tool’s shortcoming consisted of an “implementation vulnerability” affecting its random number generator. Once bypassed, the mechanism let researchers regenerate the random number generator’s internal state at the time of the infection.

In other words, researchers could revert the random number generator to a previous state, revealing the encryption keys that decipher data locked by Rhysida ransomware.

After identifying the weak spot and confirming the method’s efficacy, researchers developed a recovery tool and distributed it through KISA.

Brief History of Rhysida Ransomware

Rhysida ransomware emerged as a significant cybersecurity threat in May 2023. It has since targeted various sectors, including government, education, technology, and manufacturing, before shifting its focus to healthcare and public health organizations.

Rhysida is notorious for its complex encryption technique, namely using a 4096-bit RSA key in conjunction with the ChaCha20 algorithm to lock victim’s files, appending the “.rhysida” extension to encrypted documents.

In December 2023, Rhysida ransomware operators hacked Insomniac Games and demanded $2 million in Bitcoin to refrain from releasing confidential information, including employees’ passport scans, details about an upcoming Wolverine game, and other personal documents.

Keeping Safe From Ransomware and Other Threats

Dedicated software is crucial in protecting your devices and documents against Rhysida ransomware and other intrusions. Bitdefender Ultimate Security can keep you safe from ransomware, viruses, Trojans, worms, zero-day exploits, spyware, rootkits, zero-day exploits, and other digital threats.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like