Avast has released a tool for recovering files encrypted by the HermeticRansom ransomware, which was used in cyber attacks on Ukraine over the past ten days. Ukrainian users can download it for free from the Avast website.
The first signs of the spread of HermeticRansom were discovered by specialists at the Slovak information security company ESET on February 23, a few hours before Russian troops entered Ukrainian territory. The ransomware was delivered to the attacked systems with the HermeticWizard computer worm and served as a decoy in the wiper attack rather than being used for extortion.
CrowdStrike specialists quickly identified a vulnerability in the HermeticRansom encryption scheme and provided a script to restore the files it had encrypted.
“The ransomware contains implementation errors that make its encryption slow and it can be hacked. These errors indicate that the malware author is either inexperienced in working with the Go language, or did not bother to test it properly, possibly due to lack of time allocated for development,” CrowdStrike reported.
Although the script developed by CrowdStrike is reliable, not everyone can use it in this situation, so Avast has released a decryptor with a user-friendly interface.
Step-by-step instructions for using the decryptor can be found here.