Yalon, which is based on the open-source ransomware Hidden
Tear, has been primarily used to hit targets in Germany, China, the Russian
Federation, India and Myanmar, Kaspersky
noted. Luckily, Yalon’s creator made the mistake of using a third-party malware
without checking for vulnerabilities and due to mistakes in the cryptographic
scheme Kaspersky said it was able to create a decryptor.
FortuneCrypt was found to have a particularly weak cryptographic
scheme enabling the files to be easily recovered, Kaspersky said, although it
is quite unique being the only ransomware
the company has found written in Blitz BASIC. This is a relatively simple
language designed for beginners and intended to create games.
In the last year Kaspersky detected more than 6,000 attacks using
the Trojan-Ransom.Win32.Crypren family, of which FortuneCrypt belongs,
targeting the Russian Federation, Brazil, Germany, South Korea and Iran.
The decryptors can be found at:
https://support.kaspersky.com/viruses/disinfection/10556
https://www.nomoreransom.org/en/decryption-tools.html
Gloss