National Cyber Warfare Foundation (NCWF) Forums


Nibiru ransomware variant decryptor


0 user ratings
2020-11-17 19:00:44
milo
Malware
Nikhil Hegde developed this tool. Weak encryption The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The […

Nikhil Hegde developed this tool.


Weak encryption


The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.


Read more



Source: cisco
Source Link: https://blogs.cisco.com/security/talos/nibiru-ransomware-decryptor


Comments
new comment
Nobody has commented yet. Will you be the first?
 
return to home



Copyright 2012 through 2021 - National Cyber Warfare Foundation - All rights reserved worldwide.