March 3rd, 2022: HermeticRansom Ransomware Decryptor Released by Avast
Industry: N/A | Level: Strategic | Sources: Avast & CrowdStrike
Analysis of HermeticRansom/PartyTicket (the ransomware component of HermeticWiper) by CrowdStrike identified a "weakness in the crypto schema," and Avast has provided a decryptor for the ransomware. While the ransomware primarily serves as a decoy for the wiper, impacted files can be recovered with the free decryptor. CrowdStrike's investigation found that the ransomware is written in the Go programming language and functions no differently from traditional ransomware, iterating over drives and files in various file paths for encryption. CrowdStrike’s assessment of the flaw that enables decryption states: "The ransomware contains implementation errors, making its encryption breakable and slow. This flaw suggests that the malware author was either inexperienced writing in Go or invested limited efforts in testing the malware, possibly because the available development time was limited."