
Researchers find weaknesses in ‘Sloppy’ LockCrypt ransomware

Malwarebytes researchers discovered a weakness in the LockCrypt ransomware that enabled them to recover victims' files.

The malware has remained more or less under the radar since June 2017. It is spread via RDP brute-force attacks and must be installed manually, according to an April 4, 2018 blog post.

Researchers discovered a sample of the malware that wasn't obfuscated or encrypted, which allowed them to find where the ransomware's authors had attempted to write their own cryptography. That custom cryptography allowed victims to recover their data in some cases.

The malware contained a buffer of bytes meant to pad the encryption scheme, similar to one-time-pad encryption, but the buffer instead made the algorithm vulnerable to a plaintext attack.
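
Why a reused pad buffer falls to a plaintext attack can be shown with a simplified model, added here as an example and not taken from the Malwarebytes report or from the malware itself. It assumes the fixed buffer is XORed over each file and wraps around; `PAD_LEN`, the function names and the sample bytes are constructed.

```python
PAD_LEN = 64  # constructed size; the article does not give the real one


def pad_xor(data: bytes, pad: bytes) -> bytes:
    """Assumed toy model: XOR with a fixed pad that wraps around."""
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))


def recover_pad(pairs, pad_len=PAD_LEN):
    """Rebuild pad bytes from (plaintext, ciphertext) pairs of the same files.

    Unknown positions stay None. A ValueError means two pairs disagree on a
    pad byte, i.e. the fixed-pad model does not fit the samples.
    """
    pad = [None] * pad_len
    for plain, cipher in pairs:
        for i, (p, c) in enumerate(zip(plain, cipher)):
            slot, k = i % pad_len, p ^ c
            if pad[slot] not in (None, k):
                raise ValueError(f"inconsistent pad byte at offset {slot}")
            pad[slot] = k
    return pad


def decrypt(cipher: bytes, pad):
    """Return (plaintext, missing): bytes with no known pad value become b'?'."""
    out, missing = bytearray(), 0
    for i, c in enumerate(cipher):
        k = pad[i % len(pad)]
        if k is None:
            out.append(ord("?"))
            missing += 1
        else:
            out.append(c ^ k)
    return bytes(out), missing


if __name__ == "__main__":
    import os
    pad = os.urandom(PAD_LEN)  # fixed buffer, unknown to the victim
    backup = b"Constructed file the victim still has a clean copy of."
    lost = b"Constructed file with no backup; longer than the pad, so it wraps."
    partial = recover_pad([(backup, pad_xor(backup, pad))])
    print(decrypt(pad_xor(lost, pad), partial))
```

A known file shorter than the pad recovers only part of it, which is why the count of missing bytes is returned alongside the plaintext.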

Researchers described LockCrypt as another simple ransomware created and used by unsophisticated attackers.

“Authors don't take much time preparing the attack or the payload,” researchers said in the report. “Instead, they're rather focused on a fast and easy gain, rather than on creating something for the long run.”

The researchers went on to say that sloppy, unprofessional code is commonplace when ransomware is created for manual distribution.
