Antivirus Maker Discovers a Bug in Ryuk Ransomware
An antivirus maker discovered a bug in the decrypter application of the Ryuk ransomware, the tool that “the Ryuk gang” provides to victims to recover their files after they have paid the ransom.
The bug causes incomplete recovery of certain types of files, leading to data loss even when the victim has paid the ransom demand. The primary issue, as explained by the antivirus maker Emsisoft in a blog post, is that the decrypter truncates one byte from the end of each file it decrypts.
The secondary issue is that the Ryuk gang’s decrypter also deletes the original encrypted files, which means that victims cannot re-run the decryption operation with a “fixed” decrypter.
While the last byte in many files is padding and is generally unused, for some file types that byte contains essential data; removing it permanently corrupts the file and prevents it from being opened.
“A lot of virtual disk type files like VHD/VHDX as well as a lot of database files like Oracle database files will store important information in that last byte and files damaged this way will fail to load properly after they are decrypted,” Emsisoft says.