Ferramenta gratuita para decifrar ficheiros do HiddenTear Ransomware chamada de HT Brute Force e  publicada pelo investigador Michael Gillespie.

Em 2015, os investigadores turcos, Utku Sen, publicaram o ransomware HiddenTear, o primeiro ransomware open-source para fins educacionais.

O código original foi decifrado pelos cryptoanalistas, por esse motivo, muitas outras variantes baseadas nele também foram surgindo ao longo do tempo.

O HT Brute Forcer atualmente suporta várias variantes do HiddenTear, incluindo:
8lock8, AnonCrack, Assembly, Balbaz, BankAccountSummary, Bansomqare Wanna, Blank, BloodJaws, Boris, CerberTear, CryptConsole2, CryptoKill, CyberResearcher, Data_Locker, Dev-Nightmare 2xx9, Diamond, Domino, Donut, dotRansom, Executioner, Executioner2, Executioner3, Explerer, FlatChestWare, Frog, Fuck_You, Gendarmerie, Horros, JobCrypter, Jodis, J-Ransomware, J-Want-To-Cry, Karmen, Kraken 2.0, Kratos, LanRan, Lime, Lime-HT, Luv, Matroska, MireWare, MoonCrypter, MTC, Nobug, Nulltica, onion3cry, OpsVenezuela, Paul, PayOrDie, Pedo, PGPSnippet, Poolezoor, Pransomware, Predator, Qwerty, Random6, Random6 2, Randion, RansomMine, Rootabx, Saramat, Shrug, ShutUpAndDance, Sorry, Symbiom, TearDr0p, Technicy, The Brotherhood, TheZone, tlar, TotalWipeOut, TQV, Ton, VideoBelle, WhiteRose, WhiteRose2, Zalupaid, ZenCrypt, Zenis, ZeroRansom, Zorro

 

As vítimas do HiddenTear Ransomware podem seguir o procedimento passo a passo, publicado pela Bleeping Computer, para recuperar os ficheiros infetados de forma gratuita.

hiddentear-bruteforcer

  • Click on the Browse Sample button and choose an encrypted PNG file. Experts suggest choosing the smaller one.
  • Click on the Start Bruteforce button to start brute forcing the decryption key. The process can take some time.
  • When the tool has found the encryption key, the decryptor will automatically decrypt the test file and ask the users to determine if it was correctly decrypted.
  • If the file was decrypted properly, users should save the discovered key and use it with the HiddenTear decryptor.
  • Download the standalone HiddenTear decryptor.
  • Double-click on the hidden-tear-decrypter.exe file to start the tool, enter the key that was discovered by the brute forcer and click on the Decrypt My Files button.
  • Once the decryption process has finished, it will display a screen stating how many files were decrypted.