Ryuk ransomware victims face the worst dilemma as hackers damage decoder

Researchers from the security solution company Emsisoft have revealed that Ryuk ransomware hackers have damaged their own decryption software, causing a complete data loss, despite receiving payments from frantic victims.

Throughout the year 2019, government entities, corporates and individuals continued to encounter cases of ransomware attacks that resulted in a substantial loss like network downtime, expensive restoration efforts, delayed services, and more. Of all the cyberattacks that took place, Ryuk ransomware seemed to be the deadliest and damaging. Once it gains access to the system, the ransomware continues to infect as many end-users as possible, until the Bitcoin ransom is paid.

However, it now appears that the latest victims of the notorious Bitcoin ransomware Ryuk are in a deadlock. If they do not pay their attackers, they might lose access to their encrypted files entirely or choose to pay them and receive a decoding tool that is faulty and inoperable.

Recent Ryuk ransomware attack puts victims between a rock and hard place

Researchers at Emsisoft report that hackers themselves are the ones to be blamed for losing control of their decryption tool, leaving users to deal with another challenge – how to regain control of their systems as well as their Bitcoin holdings. Thus, the security firm is trying its very best to get the word out as quickly as possible to prevent more users from falling prey to this challenging situation.

The researchers point out what caused this irreparable damage. Apparently, a recent update made on Ryuk software resulted in the program to inadvertently alter the way it measures the length files. The decoder provided by the Ryuk hackers happens to shorten lengths too many bytes at the time of decryption. This, ultimately, rendered the tool defunct.

If you’re lucky and the cut-off byte is unused, and thus unnecessary, the decryption process will work just fine, researchers claim. So, whether or not one tends to lose the data entirely depends on the file type. And if you’re among those not so lucky, unfortunately, there is currently no way to recover the lost files.

Emsisoft has thus forewarned Ryuk victims to take a backup of the encrypted data before running any kind of ransomware decoder, irrespective of the authenticity of the provider. In case the decoder encounters problems while execution, users will be able to try again.

Featured Image by Pixabay

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *