A team of ethical hacking specialists has developed a free tool to remove the encryption implemented by the ransomware variant known as Paradise, giving victims of this infection a way to regain access to their encrypted files without having to negotiate with threat actors.
Paradise ransomware has been active since at least
September 2017 and, according to experts from security firm Emsisoft, the
perpetrators of these infections continue to distribute the ransomware today.
Ethical hacking experts claim that this
encryption malware is not used directly by its developers, but is sold to third
parties, who are responsible for delivering the malicious file to victims, a
practice known as ‘ransomware-as-a-service’. After infecting the victim’s
device and encrypting the files, Paradise appends a new extension to them,
such as .paradise, .2ksys19, .p3rf0rm4 or .FC; Paradise has been
shown to use at least 50 different extensions in its attacks.
The creators of this free tool (available here)
say that it can remove the encryption for most extensions used by
Paradise, although they also point out that users who fail to decrypt
their files should be patient and keep the encrypted files until the
next update to the tool appears.
Once encryption is complete, Paradise
shows victims one of several versions of the ransom note, depending on the
third party who delivered the malware; the common denominator of these
notes, as in most ransomware infections, is the demand for a payment in
Bitcoin. However, experts say that no matter who the attacker is, the tool is
On previous occasions, Emsisoft ethical hacking
experts have also published tools to remove the encryption of other ransomware
variants, such as STOP Djvu, HildaCrypt, Avest and Muhstik, and their
collaboration was instrumental in publishing a decryptor for the GandCrab
ransomware, which was used in nearly 50% of global ransomware infections.
The work of the cybersecurity community is
fundamental in the fight against ransomware attacks. A couple of weeks ago,
experts from the International Institute of Cyber Security (IICS) reported the
case of a German ethical hacker who, after falling victim to a ransomware
infection, managed to infiltrate the attackers’ servers to extract the malware
code and use it to develop a decryption tool, benefiting hundreds of victims.