
Black Basta: Security Researchers Develop Decryptor for Black Basta Ransomware



In a recent breakthrough, security researchers have created a decryptor that exploits a vulnerability in the Black Basta ransomware, enabling victims to recover their files without paying the ransom. The decryptor, named ‘Black Basta Buster,’ was developed by Security Research Labs (SRLabs) and takes advantage of a flaw in the encryption algorithm used by the Black Basta ransomware gang.

According to a report by BleepingComputer, the vulnerability in Black Basta’s encryption routine allowed victims from November 2022 to the present month to potentially recover their files for free. However, the developers of Black Basta have reportedly fixed the bug in their encryption mechanism recently, so this decryption technique does not work against newer attacks.

Understanding the Black Basta Flaw

SRLabs discovered a weakness in the encryption algorithm employed by Black Basta, which enabled the creation of the ‘Black Basta Buster’ decryptor. The flaw is associated with how the ransomware handles the ChaCha keystream used in XOR encryption.

The decryption process relies on the knowledge of the plaintext of 64 encrypted bytes. The recoverability of a file depends on its size, with files below 5000 bytes deemed irrecoverable. For files ranging from 5000 bytes to 1GB, complete recovery is possible. Files larger than 1GB will lose the first 5000 bytes, but the remainder can be recovered.
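
The following Python sketch is an added illustration, not code from SRLabs or from the original article. It shows why 64 bytes of known plaintext are enough when a keystream is reused under XOR. It assumes a simplified model in which the same 64-byte keystream block is applied to every 64-byte chunk of the file; the article states only that the flaw concerns ChaCha keystream handling. The function names and the sample data are constructed for the example, and the 5000-byte boundary mentioned above is not modelled.

```python
import hashlib

BLOCK = 64  # length of known plaintext the article says is needed


def xor_repeating(data: bytes, keystream: bytes) -> bytes:
    """XOR data with a keystream that restarts every BLOCK bytes (assumed flaw model)."""
    return bytes(b ^ keystream[i % BLOCK] for i, b in enumerate(data))


def recover_keystream(ciphertext: bytes, known_plain: bytes, offset: int) -> bytes:
    """Derive the repeating keystream from BLOCK known plaintext bytes at `offset`."""
    chunk = ciphertext[offset:offset + BLOCK]
    if len(known_plain) != BLOCK or len(chunk) != BLOCK:
        raise ValueError("need exactly 64 known plaintext bytes inside the file")
    keystream = bytearray(BLOCK)
    for i, (c, p) in enumerate(zip(chunk, known_plain)):
        # The known region need not start on a 64-byte boundary, so each
        # recovered byte is placed at its position within the repeating block.
        keystream[(offset + i) % BLOCK] = c ^ p
    return bytes(keystream)


def demo() -> bool:
    # Constructed sample file: a header, a zero-filled run, then more data.
    plaintext = b"constructed header " * 3 + bytes(200) + b"payload data " * 40
    # Constructed 64-byte value standing in for one block of ChaCha output.
    secret = hashlib.sha512(b"constructed keystream").digest()
    ciphertext = xor_repeating(plaintext, secret)

    # The defender knows that bytes 100..163 of the original were zeros.
    # The offset is deliberately not 64-byte aligned.
    offset = 100
    recovered = recover_keystream(ciphertext, bytes(BLOCK), offset)

    # With the keystream recovered, the whole file decrypts without the key.
    return xor_repeating(ciphertext, recovered) == plaintext


if __name__ == "__main__":
    print("file recovered:", demo())
```

Zero-filled regions are the easiest source of known plaintext, because XOR with zero leaves the keystream itself visible in the encrypted file.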


