Kaspersky releases free decryptor for Yanluowang ransomware

1 Comment
Binary skull

While the Russian security firm has fallen out of favor in recent months, Kaspersky has announced that it has managed to crack the Yanluowang ransomware.

Yanluowang was discovered by Symantec last year, and now Kaspersky has identified a vulnerability in the encryption algorithm it uses. This has enabled the company to develop a free decryption tool which can be used by ransomware victims to get their data back without having to pay a cent.

See also:

Yanluowang is known to have struck in various countries including the United States, Brazil and  Turkey. The decryptor that has been developed will be welcomed by victims, but Kaspersky warns that at least one original file is needed in order for it to work.

In a posting about the release of the free tool, Kaspersky says:

Kaspersky experts have analyzed the ransomware and found a vulnerability that allows decrypting files of affected users via a known-plaintext attack. All that was required for this to work was added to the Rannoh decryption tool.

To decrypt a file, you should have at least one original file. As mentioned earlier, the Yanluowang ransomware divides files into big and small files along a 3 gigabyte threshold. This creates a number of conditions that must be met in order to decrypt certain files:

- To decrypt small files (less than or equal to 3 GB), you need a pair of files with a size of 1024 bytes or more. This is enough to decrypt all other small files.

- To decrypt big files (more than 3 GB), you need a pair of files (encrypted and original) no less than 3 GB in size each. This will be enough to decrypt both big and small files.

By virtue of the above points, if the original file is larger than 3 GB, it is possible to decrypt all files on the infected system, both big and small. But if there is an original file smaller than 3 GB, then only small files can be decrypted.

More information is available in Kaspersky's How to recover files encrypted by Yanlouwang post.

Image credit: Blankstock / depositphotos

1 Comment

One Response to Kaspersky releases free decryptor for Yanluowang ransomware

Got News? Contact Us

Recent Headlines

Start menu ads are rolling out to all Windows 11 users -- here's how to turn them off

Qualcomm introduces Snapdragon X Plus for Windows PCs

Free test lets you check how websites measure up to privacy rules

Audacity 3.5 adds cloud project saving for collaboration, backup and file versioning

Get 'Principles of Data Science -- Third Edition' (worth $39.99) for FREE

CISOs worry about gen AI leading to security breaches

Six out of 10 businesses struggle to manage cyber risk

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.