RanHassan Ransomware Decryptor Now Available
A new decryptor for the RanHassan ransomware is now available for download. First isolated in May 2022, this family of ransomware seems to primarily target victims in India and Arab-speaking countries.
The tell-tale signs of a RanHassan infection are the presence of ransom notes called
How to decrypt ransomed files
Step 1: Download the decryption tool below and save it on the infected device:
Step 2: Run the tool and accept the End User License Agreement.
Step 3: Select a folder to scan for encrypted files or let the tool find all files on the system. In order for the tool to identify the correct keys, you need at least one encrypted file and its unencrypted version.
Step 4: Start the decryption process and let the tool run until all files are decrypted.
Silent execution (via cmdline)
The tool can also be executed silently via a command line. If you need to automate the deployment of the tool inside a large network, you might want to use this feature.
-help - will provide information on how to run the tool silently (this information will be written in the log file, not on console)
start - this argument allows the tool to run silently (no GUI)
-scan-path - this argument specifies the path containing encrypted files
-full-scan - will enable the Scan entire system option (ignoring -scan-path argument)
-disable-backup - will disable the file Backup option
-replace-existing - will enable the Replace previously decrypted files option
-test-path - specifies a folder containing pairs of clean-encrypted files
BDRanHassanDecryptTool.exe start -scan-path: C:\-> the tool will start with no GUI and scan C:\
BDRanHassanDecryptTool.exe start -full-scan-> the tool will start with no GUI and scan the entire system
BDRanHassanDecryptTool.exe start-full-scan -replace-existing -> the tool will scan the entire system and overwrite present clean files
This product includes software developed by the OpenSSL Project, for use in the OpenSSL Toolkit (http://www.openssl.org/)
K7Security Labs have published a technical analysis of the RanHassan (DCDcrypt) here.
A Red Team Perspective on the Device42 Asset Management Appliance
August 10, 2022
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
November 08, 2021
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
September 16, 2021