Japanese police release Lockbit 3.0 ransomware decryption tool | iThome

2024-02-21 13:41:15

Victims of the LockBit 3.0 ransomware now have a way to help themselves. Recently, the British National Crime Agency (NCA) launched an operation against this group. Under the coordination of Europol, it teamed up with law enforcement agencies from France, Germany, the Netherlands, Sweden, Australia, Canada, Japan, the United States and Switzerland to take down the infrastructure of the LockBit ransomware, seize its leak website, and freeze cryptocurrency accounts related to the group's crimes, drawing attention from the international and security communities.

This operation has attracted much attention because LockBit was the most active ransomware group in the world in 2022 and 2023. In particular, a joint report by multinational cybersecurity agencies in 2023 stated that there were more than 1,600 victim organizations around the world, with illegal gains exceeding US$90 million. The global number of victims has since risen to more than 2,000, and many companies in Taiwan have also been hit: for example, TSMC supplier Qinghao Technology last year, and recently the major semiconductor equipment maker Jingding Precision, along with many other listed companies and non-profit companies.

In particular, when law enforcement agencies announced the takedown of LockBit, they mentioned that decryption tools would be released in the next few days or weeks. Today (the 21st) we found that on the No More Ransom project website, which combats ransomware cybercrime, the Japanese police have recently provided a Lockbit 3.0 Ransom decryption tool, which can help victims recover encrypted data.

Regarding the Lockbit 3.0 Ransom decryption tool, according to the Japanese media outlet Nikkei, the Japanese police officially announced the launch of this decryption tool on the 20th and stated that it had been developed through reverse engineering and provided to Europol in December last year, when it was proven effective. However, the development of decryption tools is usually not made public, because this may allow attackers to adopt new countermeasures. Now that the joint efforts of international law enforcement have successfully taken over the LockBit ransomware infrastructure, the Japanese police decided to make the decryption tool public.

Information published by the Japanese police also explains that the Kanto Police Department's Cyber Crime Investigation Team spent several months analyzing the encryption mechanism of the LockBit ransomware through reverse engineering and developing a decryption tool. In the future, the Japanese police will also encourage local victim companies to consult the police about decryption.

On No More Ransom, we also saw the usage guide for the Lockbit 3.0 Ransom decryption tool, which is currently version 0.5. It states that the download file (Decryption_Checker_for_LockBit.zip) contains two tools that can be used to evaluate whether the victim can decrypt and recover data. The guide also acknowledges that, although every effort has been made, there is no guarantee that the tools can help all victims.

Simply put, the first tool is Decryption ID checker, which compares a victim's specific decryption ID against a list of decryption keys known to law enforcement agencies. If a matching key is found, a decryption solution may exist for the victim's situation, and the victim can then follow the instructions received.

The second tool is Check Decrypt for LockBit 3.0. This tool collects diagnostic information about decryption to help users determine whether it is possible to decrypt a portion of an encrypted file.

At present, both of these are command-line tools. The guide also mentions that they do not need to be installed and can be used in an offline environment. However, based on past experience, a decryption tool that is meant to be downloaded and used by ordinary victims on the No More Ransom platform usually comes in a graphical user interface (GUI) version. Perhaps this is also why the usage guide lists the decryption tool as version 0.5.

It is also worth mentioning that during the Lunar New Year, researchers from South Korea's National University published a paper stating that they had found implementation flaws in the Rhysida ransomware and cracked it. They also said that they would provide a decryption tool in the near future. Now, on the No More Ransom platform, we also saw that the security company Avast has released a Rhysida Ransom decryption tool.

After Europol and the U.S. Department of Justice announced that law enforcement agencies from multiple countries had joined forces to defeat LockBit, the world's largest ransomware group, we found on the No More Ransom project website, which continues to fight ransomware cybercrime, that the Japanese police have released a decryption tool for Lockbit 3.0 Ransom.

In addition to the Lockbit 3.0 Ransom decryption tool, the site provides a usage guide for it, which states that the tool is currently version 0.5.
