Decryptor for Key Group ransomware unveiled

Threat intelligence firm EclecticIQ has released a free decryptor for Key Group ransomware that works against versions of the malware developed last month, reports BleepingComputer. The Russian Key Group ransomware operation claimed that its malware used military-grade AES encryption, but according to EclecticIQ the malware uses a static salt across all encryption processes, which could enable decryption. Organizations impacted by Key Group ransomware can save the decryptor as a Python file and run it with a particular command; it then searches the target directory and its subdirectories for .KEYGROUP777TG files and decrypts them. Numerous organizations have been compromised by Key Group ransomware since its emergence earlier this year. BI.ZONE, a Russian threat intelligence company, previously reported that the operation used the Chaos 4.0 builder as the basis for its ransomware strain. The operation has also used Windows living-off-the-land binaries to curb data restoration without ransom payment.
