Unlocked! Recovering files taken hostage by ransomware (37x23)
Exibido em:: Dez 27, 2023
We present an analysis and recovery method for files encrypted by Black Basta, the "second most used ransomware in Germany".
We analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files.
