Ferramenta gratuita para decifrar ficheiros do HiddenTear Ransomware

Ferramenta gratuita para decifrar ficheiros do HiddenTear Ransomware chamada de HT Brute Force e publicada pelo investigador Michael Gillespie.

Em 2015, os investigadores turcos, Utku Sen, publicaram o ransomware HiddenTear, o primeiro ransomware open-source para fins educacionais.

O código original foi decifrado pelos cryptoanalistas, por esse motivo, muitas outras variantes baseadas nele também foram surgindo ao longo do tempo.

O HT Brute Forcer atualmente suporta várias variantes do HiddenTear, incluindo:

8lock8, AnonCrack, Assembly, Balbaz, BankAccountSummary, Bansomqare Wanna, Blank, BloodJaws, Boris, CerberTear, CryptConsole2, CryptoKill, CyberResearcher, Data_Locker, Dev-Nightmare 2xx9, Diamond, Domino, Donut, dotRansom, Executioner, Executioner2, Executioner3, Explerer, FlatChestWare, Frog, Fuck_You, Gendarmerie, Horros, JobCrypter, Jodis, J-Ransomware, J-Want-To-Cry, Karmen, Kraken 2.0, Kratos, LanRan, Lime, Lime-HT, Luv, Matroska, MireWare, MoonCrypter, MTC, Nobug, Nulltica, onion3cry, OpsVenezuela, Paul, PayOrDie, Pedo, PGPSnippet, Poolezoor, Pransomware, Predator, Qwerty, Random6, Random6 2, Randion, RansomMine, Rootabx, Saramat, Shrug, ShutUpAndDance, Sorry, Symbiom, TearDr0p, Technicy, The Brotherhood, TheZone, tlar, TotalWipeOut, TQV, Ton, VideoBelle, WhiteRose, WhiteRose2, Zalupaid, ZenCrypt, Zenis, ZeroRansom, Zorro

As vítimas do HiddenTear Ransomware podem seguir o procedimento passo a passo, publicado pela Bleeping Computer, para recuperar os ficheiros infetados de forma gratuita.

Download the HT Brute Forcer.
Extract the downloaded hidden-tear-bruteforcer.zip and execute the HiddenTear Bruteforcer.exe.

Click on the Browse Sample button and choose an encrypted PNG file. Experts suggest choosing the smaller one.
Click on the Start Bruteforce button to start brute forcing the decryption key. The process can take some time.
When the tool has found the encryption key, the decryptor will automatically decrypt the test file and ask the users to determine if it was correctly decrypted.
If the file was decrypted properly, users should save the discovered key and use it with the HiddenTear decryptor.
Download the standalone HiddenTear decryptor.
Double-click on the hidden-tear-decrypter.exe file to start the tool, enter the key that was discovered by the brute forcer and click on the Decrypt My Files button.
Once the decryption process has finished, it will display a screen stating how many files were decrypted.

Pedro Tavares

Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.

In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.