Source |
CISCO Talos |
Identifier |
2040640 |
Publication date |
2020-11-17 10:56:55 (seen: 2020-11-17 21:05:04) |
Title |
Nibiru ransomware variant decryptor |
Text |
Nikhil Hegde developed this tool.
Weak encryption
The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.
Ransomware
Nibiru ransomware is a poorly...
|
Sent |
Yes |
Tags |
Ransomware
Malware
|