

Ethical Hacking News

Cracking the Code: DarkBit Ransomware Encryption Cracked by Profero Researchers


DarkBit ransomware encryption cracked by Profero researchers, allowing victims to recover their files for free without paying the ransom. The breakthrough marks a significant milestone in the fight against this destructive malware.

  • Researchers at cybersecurity firm Profero have cracked the encryption used by DarkBit ransomware, allowing victims to recover their files for free without paying the ransom.
  • The team of experts, led by Pierluigi Paganini, successfully utilized an AES-128-CBC key breaking harness and a decryptor to break the encryption process.
  • The breakthrough was made possible by analyzing the DarkBit ransomware encryption process with a critical eye, exploiting weaknesses in the crypto, and utilizing advanced tools and techniques.
  • The crack offers new hope to victims who thought their data was lost for good, though it also leaves them exposed to future attacks by the DarkBit ransomware group.



    Researchers at cybersecurity firm Profero have made a significant breakthrough in cracking the encryption used by DarkBit ransomware, a highly sophisticated and destructive malware that has been wreaking havoc on victims worldwide. The team of experts, led by Pierluigi Paganini, successfully cracked the encryption process, allowing victims to recover their files for free without paying the ransom.

    In a major victory for cybersecurity enthusiasts and organizations affected by DarkBit ransomware attacks, Profero's research marks a significant milestone in the fight against this malicious software. The team's innovative approach to encryption cracking has provided a new hope for those who thought they had lost their precious data forever.

    DarkBit ransomware was first observed in 2023 and has since been linked to the Iran-nexus threat actor MuddyWater APT group. In response to Iranian drone strikes, the attackers hit multiple VMware ESXi servers at Israeli institutions, leaving victims with no choice but to pay the ransom.

    However, Profero's team refused to give up on their mission to crack the encryption used by DarkBit ransomware. Through an in-depth analysis of the malware, they discovered that its AES-128-CBC key generation produced weak, predictable keys. Using file timestamps and known VMDK headers, the researchers reduced the keyspace to billions of candidates, making brute force feasible.

    "We made use of an AES-128-CBC key breaking harness to test if our theory was correct, as well as a decryptor which would take an encrypted VMDK and a key and IV pair as input to produce the unencrypted file," reads the report published by the experts. "The harness ran in a high-performance environment, allowing us to speed through the task as quickly as possible, and after a day of brute-forcing, we were successful!"

    While this breakthrough is a significant achievement for Profero's team, it also highlights the ongoing cat-and-mouse game between cybersecurity researchers and malware developers. The DarkBit ransomware group has already announced its intention to exploit this vulnerability, leaving victims vulnerable once again.

    To recover the keys, Profero built a tool that tests every candidate seed and derives the corresponding key and IV pair. Moreover, because VMDK files are sparse, the researchers could skip brute-force decryption for much of the data and recover most of the files they needed directly, without decrypting it at all.
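The seed search described above, as an added illustrative example that is neither Profero's tool nor DarkBit's real key schedule. It assumes a hypothetical weak derivation (deriveKeyIV, constructed here) in which a non-cryptographic PRNG is seeded with a Unix timestamp and the AES-128 key and CBC IV are read from it, and it shows how a recovery tool bounds the seed with the file's modification time, derives each candidate key/IV pair, decrypts only the first block of the encrypted VMDK and accepts the candidate whose plaintext starts with the known sparse-extent magic "KDMV". The sample header bytes, the timestamp and the one-hour window are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
	mrand "math/rand"
)

// vmdkMagic is the 4-byte magic at the start of a VMDK sparse extent header,
// the known plaintext a recovery tool can check a candidate key against.
var vmdkMagic = []byte("KDMV")

// deriveKeyIV is a HYPOTHETICAL weak key schedule (constructed for this
// example, not DarkBit's real one): a non-cryptographic PRNG is seeded with a
// Unix timestamp and the AES-128 key and CBC IV are read straight from it.
// Anyone who can bound the timestamp can regenerate every candidate pair.
func deriveKeyIV(seed int64) (key, iv []byte) {
	r := mrand.New(mrand.NewSource(seed))
	key = make([]byte, 16)
	iv = make([]byte, 16)
	r.Read(key) // (*Rand).Read never returns an error
	r.Read(iv)
	return key, iv
}

// encryptCBC encrypts whole blocks with AES-128-CBC; the chunks the
// ransomware encrypts are block-aligned, so no padding is modelled here.
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext length must be a multiple of 16")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// decryptCBC is the inverse of encryptCBC.
func decryptCBC(key, iv, ciphertext []byte) ([]byte, error) {
	if len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length must be a multiple of 16")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out, nil
}

// recoverSeed walks every timestamp in [mtime-window, mtime], derives the
// candidate key/IV, decrypts only the first ciphertext block and accepts the
// seed whose plaintext starts with the known header bytes. Decrypting a
// single block per candidate is what keeps the search cheap; a longer known
// prefix lowers the (already tiny) false-positive rate.
func recoverSeed(firstBlock, known []byte, mtime, window int64) (int64, bool) {
	for s := mtime - window; s <= mtime; s++ {
		key, iv := deriveKeyIV(s)
		pt, err := decryptCBC(key, iv, firstBlock)
		if err == nil && bytes.HasPrefix(pt, known) {
			return s, true
		}
	}
	return 0, false
}

func main() {
	// Constructed sample: a 32-byte "VMDK" prefix whose first block carries
	// the magic, encrypted under a key derived from a constructed timestamp.
	seed := int64(1700000000)
	plain := append(append([]byte{}, vmdkMagic...), make([]byte, 28)...)
	key, iv := deriveKeyIV(seed)
	ct, err := encryptCBC(key, iv, plain)
	if err != nil {
		panic(err)
	}

	// The file's modification time bounds the seed: assume the encryptor
	// wrote the file within an hour of deriving the key (constructed values).
	mtime := seed + 30
	found, ok := recoverSeed(ct[:aes.BlockSize], vmdkMagic, mtime, 3600)
	fmt.Printf("seed recovered: %v (%d)\n", ok, found)
	if ok {
		k, v := deriveKeyIV(found)
		pt, _ := decryptCBC(k, v, ct)
		fmt.Printf("plaintext matches: %v\n", bytes.Equal(pt, plain))
	}
}
```

The defensive lesson is the one the article implies: a key that is a deterministic function of a small, guessable input (a timestamp, a process id, a counter) has an effective keyspace the size of that input, no matter how strong the cipher around it is. A proper scheme draws the key and IV from the operating system's CSPRNG, so there is no seed to enumerate.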

    "VMDK files are sparse, which means they are mostly empty, and therefore, the chunks encrypted by the ransomware in each file are also mostly empty," conclude the experts. "Statistically, most files contained within the VMDK filesystems won't be encrypted, and most files inside these file systems were anyways not relevant to us/our task/our investigation."

    So, how did Profero's researchers achieve this? The answer lies in their willingness to analyze the DarkBit encryption process with a critical eye. By exploiting the weaknesses in its crypto and using advanced tools and techniques, they were able to crack the encryption that had protected the ransomware's output for so long.

    In conclusion, Profero's groundbreaking achievement marks a significant milestone in the fight against DarkBit ransomware. While this new vulnerability leaves victims vulnerable once again, it also serves as a reminder of the ongoing battle between cybersecurity researchers and malware developers. As we move forward, it is essential to recognize the importance of collaboration and innovation in the pursuit of digital security.




    Related Information:
  • https://www.ethicalhackingnews.com/articles/Cracking-the-Code-DarkBit-Ransomware-Encryption-Cracked-by-Profero-Researchers-ehn.shtml

  • https://securityaffairs.com/181064/malware/researchers-cracked-the-encryption-used-by-darkbit-ransomware.html

  • https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/

  • https://attack.mitre.org/groups/G0069/

  • https://www.group-ib.com/masked-actors/muddywater/


  • Published: Tue Aug 12 05:00:20 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.
