Xtbl Ransomware Decrypt Tool


Decryption

We developed a tool that decrypts files encrypted by this malware only. First, the tool will recover the encryption key using one encrypted file.

Please use an encrypted file with the last modification timestamp untouched.

Conclusion

Statistics show that the threat of being infected by ransomware has only begun. Each month, more and more ransomware variants are detected.

Some of them do not use state-of-the-art cryptography yet, or use it badly to encrypt files, such as in our case. But in most cases, there is no way to decrypt the file without having the secret key of the attacker.

Here, the failure comes from the rand function call, which is not correctly seeded beforehand; the use of the timestamp, which can easily be brute-forced; and the number of milliseconds, which holds a limited space of possibilities.

This post also highlights the good cooperation between the Pentest and the R&D team of Sogeti ESEC. For that, special thanks to lerobert, jbedrine, meik, who also worked on this incident response.

Ransomware-xtbl-decrypt-tool

  • Like 5
  • Thanks 1
Link to comment
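
The weakness described in the post, as an added example that is not part of the original post and is not the Sogeti ESEC tool: a key built only from a timestamp, a millisecond count and unseeded `rand()` output can be recovered by walking back from the encrypted file's last-modification time. `toy_key`, `toy_encrypt`, the 60-second window and the sample file are constructed assumptions, and `rand()` is modelled as the MSVC CRT generator that was never seeded.

```python
import hashlib

def msvc_rand(seed=1):
    """MSVC CRT rand() as an LCG; without srand() the state starts at 1."""
    state = seed
    while True:
        state = (state * 214013 + 2531011) & 0xFFFFFFFF
        yield (state >> 16) & 0x7FFF

def toy_key(ts_sec, ms):
    """Hypothetical derivation (assumption, not the malware's real one):
    SHA-256 over the timestamp, the milliseconds and four rand() outputs."""
    gen = msvc_rand()  # never seeded: same four values on every machine
    fixed = b"".join(next(gen).to_bytes(2, "little") for _ in range(4))
    return hashlib.sha256(ts_sec.to_bytes(8, "little")
                          + ms.to_bytes(2, "little") + fixed).digest()

def toy_encrypt(key, data):
    """Constructed XOR keystream standing in for the real cipher.
    XOR is symmetric, so the same call also decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def recover_key(ciphertext, mtime_sec, magic, window=60):
    """Walk back from the file's mtime: (window + 1) seconds x 1000 ms.
    A candidate is accepted when it decrypts the known file header."""
    tried = 0
    for ts in range(mtime_sec, mtime_sec - window - 1, -1):
        for ms in range(1000):
            tried += 1
            key = toy_key(ts, ms)
            if toy_encrypt(key, ciphertext[:len(magic)]) == magic:
                return key, ts, ms, tried
    return None  # mtime was altered or the window is too small

# Constructed sample: a "PDF" encrypted 7 s before its recorded mtime.
MTIME = 1460000000
PLAINTEXT = b"%PDF-1.4\n% constructed sample document\n"
SAMPLE = toy_encrypt(toy_key(MTIME - 7, 413), PLAINTEXT)

if __name__ == "__main__":
    key, ts, ms, tried = recover_key(SAMPLE, MTIME, b"%PDF-1.4")
    print(f"key found after {tried} guesses: ts={ts} ms={ms}")
    print(toy_encrypt(key, SAMPLE))
```

With a 60-second window the whole search space is 61,000 candidates, and the search fails once the file's modification time no longer sits near the encryption time, which is why the post asks for a file with an untouched timestamp.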