Risky Bulletin Newsletter
February 14, 2024
Risky Biz News: Rhysida ransomware secretly decrypted nine months ago
South Korean researchers have cracked the encryption scheme used by the Rhysida ransomware and have released a decrypter that allows victims to recover files without paying the ransom.
The decrypter is available through the website of South Korea's cybersecurity agency (KISA) and is based on a white paper published by academics from Kookmin University and KISA members.
The decryption tool works only on Windows systems and exploits a weakness in the ransomware's cryptographically secure pseudo-random number generator (CSPRNG). This algorithm takes data from the local PC to generate a random number, which Rhysida then uses to create the encryption key for a victim's files.
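Why a key built from guessable local data can be regenerated, as an added example that is not code from the researchers' paper, the KISA tool, or Rhysida. It assumes the seed is a Unix timestamp (the article does not say which local data is used), uses Python's `random` as a stand-in generator and a toy SHA-256 stream cipher, and all names and sample values are constructed.

```python
import hashlib
import random
import secrets

def weak_key(seed: int) -> bytes:
    # Weak: all 32 key bytes are a deterministic function of one guessable seed.
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(32))

def strong_key() -> bytes:
    # Hardened: key bytes come straight from the operating system CSPRNG.
    return secrets.token_bytes(32)

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for the real cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def recover_key(ciphertext: bytes, magic: bytes, seed_lo: int, seed_hi: int):
    # Regenerate the key for every candidate seed and keep the one whose
    # decryption starts with the file type's known magic bytes.
    for seed in range(seed_lo, seed_hi + 1):
        key = weak_key(seed)
        if xor_crypt(key, ciphertext[:len(magic)]) == magic:
            return seed, key
    return None

# Constructed sample data: a fake PDF and an assumed encryption time.
PLAINTEXT = b"%PDF-1.7\nconstructed sample document\n"
ENCRYPTED_AT = 1_707_868_800 + 1234             # hypothetical timestamp used as seed
WINDOW = (1_707_868_800, 1_707_868_800 + 3600)  # the hour a responder searches

def demo():
    weak_ct = xor_crypt(weak_key(ENCRYPTED_AT), PLAINTEXT)
    strong_ct = xor_crypt(strong_key(), PLAINTEXT)
    found = recover_key(weak_ct, b"%PDF-", *WINDOW)
    recovered = xor_crypt(found[1], weak_ct) if found else None
    return found, recovered, recover_key(strong_ct, b"%PDF-", *WINDOW)

if __name__ == "__main__":
    found, recovered, strong_result = demo()
    print("seed found:", found[0], "| file recovered:", recovered == PLAINTEXT)
    print("same search against OS-random key:", strong_result)
```

The same search returns nothing when the key comes from the operating system's random source, because no small set of candidate seeds reproduces it.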