A bit of good news this week. About time too.
The very clever, not to mention opportunistic, researchers at the Slovakian security company ESET appear to have gotten their hands on the Master Key for the TeslaCrypt ransomware software.
How? What? Why? We hear you cry. Well, bizarrely, the story goes that they just asked for it, and were told by the bad guys or their agent that the TeslaCrypt project was closed and that they were sorry, and were handed a copy of the Master Key.
This is obviously very good news for recently infected individuals, for people who refused to pay up (well done you) and lost data in an attack, and also for those yet to be infected by this piece of filth, which is no doubt still lurking around in compromised advertisements on a multitude of webservers.
There are already a number of tools released to allow straightforward decryption of your, or your friend’s, stuff. Take a look at ESET’s free tool here.
Or Kaspersky’s Rannoh decryptor here.
Kaspersky actually appears to have released this tool before the ESET Master Key announcement, which is either a coincidence, or not. I think you all know where we stand on coincidences.
One of our associates over at Tiberium Security recently brought an online spreadsheet of some serious Crypto/ransomware research analysis and decrypt recommendations to our attention. If you are in the business of decryption, or just intrigued by this murky world, you may want to take a look. You can find it here.
Obviously our standard recommendations for dealing with ransomware still stand – train and educate your people, keep AV up to date, keep backups, don’t pay whatever happens (we suppose if it’s a matter of life and death, that would be OK), train and educate your people.
With every silver lining there is a cloud waiting to choke you and this week’s ominous Cumulonimbus is the fact that a gazillion billion LinkedIn passwords are available for sale from a hacker that calls itself ‘Peace’ on the Dark Web (mwahahaha).
OK, maybe not a gazillion billion, just the 117 Million. These appear to have been mined in the infamous LinkedIn breach of 2012 and have obviously been doing the rounds amongst the organised crime fraternity before popping up as commodities, stack ‘em high, buy them cheap.
Now we don’t suppose that any of our razor-sharp readers would either leave a password unchanged for nearly four years, or, perish the thought, use the same password on multiple publicly accessible systems, but if you do, or have a friend that might, get with the programme and change your passwords before someone else does.
And whilst you are about it, enable two-factor authentication on every system that offers it, which is pretty much every system these days, so there is very little wiggle room for any excuses.
That’s it for this week. If you would like to discuss any of this with one of our keen and eager security specialists, please contact us at: 020 7517 3900 or email [email protected].
P.S. We don’t believe for a moment that the TeslaCrypt people are ‘sorry’. Oh no we don’t.