On June 3, Spain-based telecommunications conglomerate, Telefónica, released a free tool to recover data encrypted by the VCryptor ransomware.
The tool, VCrypt Decryptor, was created as part of an international initiative titled “No More Ransomware”. This alliance was established by McAfee, Europol, Politie, and Kaspersky. It is one of several tools that aim to decrypt almost 134 types of ransomware.
VCrypt’s attack method
According to ElevenPaths, Telefonica’s specialized cybersecurity unit, VCryptor creates a password-protected .zip file in which it stores all encrypted data. It then generates new files with the extension “.vcrypt,” to replace the original files.
The ransomware then launches a message notifying the victim that the attack has been perpetrated. The are instructed to pay the attackers a ransom through cryptocurrencies in order to restore access to the files, with most hacker’s currency of choice being Bitcoin (BTC).
The free tool created by ElevenPaths aims to take advantage of a weak point in VCryptor’s encryption password method.
Ongoing efforts
Telefonica’s cybersecurity division has also been involved in creating free tools to decrypt files affected by PopCorn ransomware.
Cointelegraph reported on an alliance between Interpol and the cybersecurity firm, Kaspersky. Together they launched a campaign called “Anti-Ransomware Day”, set on May 12. The purpose of the day is to raise awareness about the effects of ransom-centric cyberattacks, which continue to affect people and businesses all over the world.