Cryptonite ransomware acts as a data wiper

Fortinet FortiGuard Labs researchers discovered that the new Cryptonite ransomware, which was once included in a free-to-download open-source toolkit, does not contain file decryption capabilities and serves only as wiper malware, according to ZDNET. The lack of decryption functionality stems from Cryptonite's inadequate quality assurance rather than an intentional act of destruction, the researchers said. The report also showed that Cryptonite cannot be operated in decryption-only mode, so running the ransomware again re-encrypts the files with a different key. "This sample demonstrates how a ransomware's weak architecture and programming can quickly turn it into a wiper that does not allow data recovery. Although we often complain about the increasing sophistication of ransomware samples, we can also see that over-simplicity and a lack of quality assurance can also lead to significant problems," said researcher Gergely Révay. GitHub has already removed the original source code for Cryptonite, and the ransomware could also be easily detected by antivirus systems due to its simplicity.
