Bitcoin Ransomware Hackers Lose Control of Their Decryption Tool

Michael LaVere
  • Software firm Emsisoft warns that attackers broke their own decryption tool for the Ryuk ransomware.
  • Affected users are at risk of having their files deleted despite paying the bitcoin ransom. 

A security firm has warned that the Ryuk bitcoin ransomware has broken its own decryption tool, causing affected users to lose their files even after sending the BTC ransom. 

Software company Emsisoft told news outlet The Next Web that the hackers behind the Ryuk ransomware are responsible for the decryption error. According to the security firm, a recent update made to Ryuk caused the program to alter the way it calculates the length of files, inadvertently making the decryption tool defunct:

As a result, the decryptor provided by the Ryuk authors will truncate files, cutting off one too many bytes in the process of decrypting the file. Depending on the exact file type, this may or may not cause major issues.

Users who pay the crypto ransom are still at risk of losing their files and data, depending on where the byte cutoff is made. 

Emsisoft recommends that Ryuk victims back up encrypted data before running the decryption tool:

A final word of advice: prior to running any ransomware decryptor – whether it was supplied by a bad actor or by a security company – be sure to back up the encrypted data first. Should the tool not work as expected, you’ll be able to try again.
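
One way to follow that advice, as an added example that is not code from Emsisoft or from the original article: copy the encrypted files aside with a size and SHA-256 manifest, confirm the copy, and restore the encrypted originals if a decryptor damages or removes them. The function names, directory layout, manifest format and sample file are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def backup_encrypted(src_dir, backup_dir):
    """Copy every file under src_dir to backup_dir/files; record size and SHA-256."""
    src, store = Path(src_dir), Path(backup_dir) / "files"
    manifest = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src).as_posix()
        (store / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, store / rel)
        manifest[rel] = {"size": f.stat().st_size, "sha256": sha256_file(f)}
    (Path(backup_dir) / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def changed(root, backup_dir):
    """Paths under root that are missing or no longer match the manifest."""
    manifest = json.loads((Path(backup_dir) / "manifest.json").read_text())
    return [rel for rel, m in manifest.items()
            if not (Path(root) / rel).is_file()
            or (Path(root) / rel).stat().st_size != m["size"]
            or sha256_file(Path(root) / rel) != m["sha256"]]

def restore(src_dir, backup_dir):
    """Put the encrypted originals back so decryption can be retried."""
    restored = changed(src_dir, backup_dir)
    for rel in restored:
        (Path(src_dir) / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(backup_dir) / "files" / rel, Path(src_dir) / rel)
    return restored

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        work, bak = Path(tmp) / "work", Path(tmp) / "backup"
        work.mkdir()
        # Constructed sample standing in for an encrypted file
        (work / "report.docx.enc").write_bytes(b"constructed ciphertext")
        backup_encrypted(work, bak)
        assert changed(bak / "files", bak) == []  # backup copy matches the manifest
        # Simulate a tool that overwrites the file in place with damaged output
        (work / "report.docx.enc").write_bytes(b"constructed plaintex")
        print("modified:", changed(work, bak))
        print("restored:", restore(work, bak))
```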
