A team of ethical hacking specialists has developed a free tool to remove the encryption implemented by the ransomware variant known as Paradise, giving victims of this infection a way to regain access to their encrypted files without having to negotiate with threat actors.
Paradise ransomware has been active since at least September 2017 and, according to experts from security firm Emsisoft, the perpetrators of these infections continue to distribute the ransomware today.
Ethical hacking experts claim that this encryption malware is not used directly by its developers, but is sold to third parties, who are responsible for delivering the malicious file to victims, a practice known as ‘ransomware-as-a-service’. After infecting the victim’s device and encrypting the files, Paradise appends a different extension to them; these include .paradise, .2ksys19, .p3rf0rm4 and .FC. Paradise has been shown to use at least 50 different extensions in its attacks.
The creators of this free tool (available here) state that it can remove the encryption for most of the extensions used by Paradise, although they also point out that users who fail to decrypt their files should be patient and store the encrypted files until the next update to the tool appears.
Upon completion of the encryption, Paradise shows victims one of several versions of the ransom note, depending on the third party who delivered the malware; the common denominator of these notes, as in most ransomware infections, is the demand for a payment in Bitcoin. However, experts say that the tool works regardless of who the attacker is.
On previous occasions, Emsisoft ethical hacking experts have also published tools to remove encryption from other ransomware variants, such as STOP Djvu, HildaCrypt, Avest and Muhstik, and their collaboration was instrumental in publishing a decryptor for the GandCrab ransomware, which was used in nearly 50% of global ransomware infections.
The work of the cybersecurity community is fundamental in the fight against ransomware attacks. A couple of weeks ago, experts from the International Institute of Cyber Security (IICS) reported the case of a German ethical hacker who, after falling victim to a ransomware infection, managed to infiltrate the attackers’ servers to extract the malware code and use it to develop a decryption tool, benefiting hundreds of victims.