Security researchers have released a free decryption utility which victims of Ims00rry ransomware can use to recover their files.
In its research, Emsisoft explains that Ims00rry leverages AES-128 to encrypt users’ files. It doesn’t add an extension to each encrypted file once it’s done, however. Instead, it adds “—shlangan AES-256—” to each affected file’s contents.
After completing its encryption routine, the ransomware saves a ransom note to each infected machine. This note instructs victims to contact the digital attackers via the Telegram bot @Ims00rybot so that they can pay $50 in exchange for the decryption software.
Here’s the exact text of the ransom message, as provided by Emsisoft:
I am sorry!!!
My friend. I want to start my own business, but i have no money.
All your files photos, databases, documents and other important are encrypted with strongest encryption and algorithms RSA 4096, AES-256.
If you want to restore your files payment and write to Telegram bot
Price decrypt software is $50.
Do not rename or move the encrypted files.
Contact Telegram bot:
Emsisoft is urging victims of Ims00rry to not pay the ransom and to use its decryptor instead.
The emergence of this decryption tool highlights security researchers’ ongoing efforts to thwart ransomware attackers. Organizations can help these experts in their work by making it as difficult as possible for bad actors to successfully infect their workstations with ransomware. To do this, they should follow these steps designed to prevent a crypto-malware infection in the first place. They should also invest in a solution that’s capable of defending their systems against known malware (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/free-decryptor-released-for-ims00rry-ransomware/