Fortinet discovers a Cryptonite sample in the wild that never provides decryption capabilities. Cryptonite is an open-source ransomware toolkit developed initially by CYBERDEVILZ group with very few contributors later it forked 41 times on GitHub but after the Fortinet issue a Ransomware roundup series was all removed from GitHub.
Cryptonite is a lightweight ransomware that supports very limited barebone implementation of ransomware like BTC wallet address, email address, and server URL with exclusion list and Fortinet fount that it uses very simple encryption and decryption process.
"This sample demonstrates how a ransomware's weak architecture and programming can quickly turn it into a wiper that does not allow data recovery. Although we often complain about the increasing sophistication of ransomware samples, we can also see that oversimplicity and a lack of quality assurance can also lead to significant problems. On the positive side, however, this simplicity, combined with a lack of self-protection features, allows every anti-virus program to easily spot this malware." Fortinet said.
No comments:
Post a Comment