
Design Flaw Accidentally Turns Open-Source Ransomware Toolkit into Wiper Malware

Vlad CONSTANTINESCU

December 06, 2022


Researchers discovered that an open-source ransomware toolkit was accidentally converted into a data wiper due to architecture and programming faults.

Unlike other types of ransomware, which are usually sold via underground channels, the Python-written toolkit, dubbed Cryptonite, was available for free on CYBERDEVILZ’s GitHub repository. Cryptonite used Python’s Fernet symmetric encryption module, appending the “.cryptn8” extension to encrypted documents. GitHub recently took down Cryptonite’s source code and all of its forks.

Fortinet researchers discovered a sample of the ransomware that acted like a wiper malware strain. The sample initially worked as expected, encrypting documents and attaching its specific file extension. However, the malicious executable never displayed either the ransom note or the decryption dialog that could have allowed victims to recover their files.

Closer analysis revealed that, while the sample does generate an encryption key, it never sends it to the threat actors. Even worse, the program can’t run in a “decryption-only” mode; attempting to execute it repeatedly just re-encrypts documents with a different key.

Last but not least, the program permanently deletes the key when it closes or encounters an exception. Researchers agreed that the ransomware wasn’t deliberately turned into a wiper; poor architecture and a lack of quality assurance apparently triggered the sample’s malfunction.
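For responders, an added triage example (not code from Fortinet or from the toolkit): it lists “.cryptn8” files and reads the creation timestamp that the Fernet token format stores unencrypted in its header, which helps build an encryption timeline even though the key is gone. It assumes each affected file holds the raw base64url Fernet token; the function names and sample files are constructed for illustration.

```python
import base64
import struct
import tempfile
from datetime import datetime, timezone
from pathlib import Path

EXT = ".cryptn8"                 # extension named in the article
MIN_LEN = 1 + 8 + 16 + 16 + 32   # version, timestamp, IV, one AES block, HMAC

def fernet_timestamp(blob: bytes):
    """Return the UTC creation time if blob is structurally a Fernet token, else None."""
    try:
        raw = base64.urlsafe_b64decode(blob.strip())
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    if len(raw) < MIN_LEN or raw[0] != 0x80:   # 0x80 is the Fernet version byte
        return None
    if (len(raw) - 57) % 16:     # ciphertext must be whole AES blocks
        return None
    (ts,) = struct.unpack(">Q", raw[1:9])      # big-endian seconds since epoch
    try:
        return datetime.fromtimestamp(ts, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None

def triage(root: Path):
    """Map each *.cryptn8 file under root to its token time (None = not a token)."""
    return {str(p.relative_to(root)): fernet_timestamp(p.read_bytes())
            for p in sorted(root.rglob("*" + EXT)) if p.is_file()}

def demo():
    """Run triage over constructed sample files in a temporary directory."""
    when = datetime(2022, 12, 6, tzinfo=timezone.utc)   # constructed value
    # Structurally valid token with zeroed IV, ciphertext and HMAC (constructed).
    raw = b"\x80" + struct.pack(">Q", int(when.timestamp())) + bytes(16 + 16 + 32)
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.docx.cryptn8").write_bytes(base64.urlsafe_b64encode(raw))
        (root / "renamed.txt.cryptn8").write_bytes(b"plain text, not a token")
        (root / "untouched.txt").write_bytes(b"hello")
        return triage(root)

if __name__ == "__main__":
    for name, ts in demo().items():
        print(name, ts.isoformat() if ts else "not a Fernet token")
```

The timestamp only shows when each file was encrypted; without the key, the content can be restored only from backups.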

“Although we often complain about the increasing sophistication of ransomware samples, we can also see that oversimplicity and a lack of quality assurance can also lead to significant problems,” Fortinet writes in a security advisory. “On the positive side, however, this simplicity, combined with a lack of self-protection features, allows every anti-virus program to easily spot this malware.”

Last month, several organizations in Ukraine were hit by Somnia, a new strain of ransomware. Like Cryptonite’s crooked sample, Somnia lacked decryption capabilities. However, Somnia’s operators intentionally disabled the decryption feature, turning it into a wiper to further damage compromised systems.


Dedicated software such as Bitdefender Ultimate Security can keep you safe from ransomware and other cyberthreats thanks to its extensive list of features, including:

  • Multi-layer ransomware protection that prevents ransomware attacks from harming your documents, videos, pictures and music
  • All-around, continuous data protection against Trojans, worms, viruses, zero-day exploits, ransomware, spyware and other e-threats
  • Behavioral detection module that thoroughly monitors active apps on your system and takes instant action upon detecting suspicious activity
  • Network threat prevention technology that scans for suspicious network-level activities and blocks them before they can harm you
