https://www.bleepingcomputer[.]com/...ictims-quietly-helped-using-secret-decryptor/
Hitting the BlackMatter gang where it hurts: In the wallet
A bug in BlackMatter's encryption enabled us to help victims recover their data and avoid tens of millions of dollars in ransom demands.
A secret BlackMatter decryptor
Soon after the BlackMatter ransomware operation launched, Emsisoft discovered a flaw allowing them to create a decryptor to recover victims' files without paying a ransom.
Emsisoft immediately alerted law enforcement, ransomware negotiation firms, incident response firms, CERTs worldwide, and trusted partners with information about the decryptor.
This allowed these trusted parties to refer BlackMatter victims to Emsisoft to recover their files rather than pay a ransom.
"Since then, we have been busy helping BlackMatter victims recover their data. With the help of law enforcement agencies, CERTs and private sector partners in multiple countries, we were able to reach numerous victims, helping them avoid tens of millions of dollars in demands," explains Wosar in a blog post about the BlackMatter decryptor.
Other than referrals, Emsisoft was also contacting victims found through BlackMatter samples and ransom notes publicly uploaded to various sites.
When a BlackMatter sample became public, it was possible to extract the ransom note and gain access to the negotiations between the victim and the ransomware gang. After identifying the victim, Emsisoft would privately contact them about the decryptor so they did not have to pay the ransom.
If Emsisoft could find the ransomware samples and notes, though, other people could as well, and they have used them to hijack negotiation chats or share images of the chats on Twitter.
This ultimately led to BlackMatter locking down their negotiation site so that only the victims could gain access, making it impossible for researchers to find victims this way.
So they were quietly decrypting on the sly, then -> XD
BlackMatter - RIP or what?