
DarkBit Ransomware Cracked: Victims Can Recover Data for Free

In a significant development, security researchers have successfully cracked the encryption of DarkBit ransomware, offering relief to victims of the 2023 attack on VMware ESXi servers. The attack, suspected to be a retaliatory act by Iran-linked threat actors, had demanded a hefty ransom of 80 Bitcoin.

Profero, a cybersecurity firm, took the lead in this effort. Their researchers discovered a critical flaw in DarkBit's encryption method. The ransomware used AES-128-CBC for encryption, but its key generation process produced weak and predictable keys. Exploiting this weakness, Profero managed to crack the encryption, enabling free file recovery for affected users.

Profero's team created a tool to recover decryption keys. They cleverly utilised the sparsity of VMDK (VMware Virtual Disk) files to bypass the need for brute-force decryption, speeding up the recovery process for most data.

The successful decryption of DarkBit ransomware is a testament to the resilience and ingenuity of cybersecurity professionals. Victims of the 2023 attack can now recover their data without paying the exorbitant ransom. This breakthrough also serves as a reminder of the importance of robust cybersecurity measures and the global cooperation among security researchers to combat cyber threats.
