Security Brief: The French Retis Ransomware Appends .Crypted

Discussion in '0-day Release' started by silversurfer, Dec 22, 2017.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Source: https://www.bleepingcomputer.com/ne...-the-french-retis-ransomware-appends-crypted/

    This is a security brief for the newly discovered ransomware called Retis. This brief will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted or not.

    The Retis Ransomware was discovered by security researcher SDK on December 19th 2017. This is a .NET ransomware, so its source code is easily accessible. When started it will first target the victim's Desktop, Documents, and Pictures folders for encryption. After encrypting those folders, it will target the rest of the drives on the computer.

    When encrypting a file it will use AES encryption and use a static key of "m4aP}2a_Jd`H~=k9aML58-ZJwy/j:e5Q" and IV of "R<0]W&JCfaD^('FX". After encrypting a file it will append the .crypted extension to the filename.

    MTAC Thread: http://tweakbytes.com/threads/retis-ransomware.5988/#post-25836
     
    revC0de, Ultimo, Trim and 2 others like this.
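
A static key and IV mean the same values decrypt every affected file. The recovery sketch below is an added example, not part of the original post, the source article, or the ransomware's code. It assumes AES-CBC with PKCS7 padding (the .NET defaults), the quoted strings used directly as ASCII key and IV bytes, and whole-file encryption; the `-Path` parameter and function name are hypothetical.

```powershell
# Added example: recovery attempt for copies of .crypted files.
# Assumptions (not stated in the brief): AES-CBC, PKCS7 padding, key/IV strings
# used directly as ASCII bytes, entire file encrypted. Run against copies only.
param(
    [Parameter(Mandatory)] [string] $Path   # hypothetical: folder holding copies of .crypted files
)

$keyText = 'm4aP}2a_Jd`H~=k9aML58-ZJwy/j:e5Q'   # static key quoted in the brief (32 chars)
$ivText  = 'R<0]W&JCfaD^(''FX'                   # static IV quoted in the brief (16 chars)

function Restore-CryptedFile {
    param([string] $InFile, [string] $OutFile)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Mode    = [System.Security.Cryptography.CipherMode]::CBC      # assumption
    $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7   # assumption
    $aes.Key     = [System.Text.Encoding]::ASCII.GetBytes($keyText)
    $aes.IV      = [System.Text.Encoding]::ASCII.GetBytes($ivText)
    $dec = $aes.CreateDecryptor()
    try {
        $cipher = [System.IO.File]::ReadAllBytes($InFile)
        # Throws if the length is not a block multiple or the padding is invalid,
        # which is the signal that one of the assumptions above does not hold.
        $plain = $dec.TransformFinalBlock($cipher, 0, $cipher.Length)
        [System.IO.File]::WriteAllBytes($OutFile, $plain)
        return $true
    } catch {
        return $false
    } finally {
        $dec.Dispose()
        $aes.Dispose()
    }
}

Get-ChildItem -LiteralPath $Path -Recurse -File |
    Where-Object { $_.Extension -eq '.crypted' } |
    ForEach-Object {
        # The brief says .crypted is appended, so stripping it gives the original name.
        $out = $_.FullName.Substring(0, $_.FullName.Length - '.crypted'.Length)
        if (Test-Path -LiteralPath $out) {
            Write-Warning "Skipping, target already exists: $out"
        } elseif (Restore-CryptedFile -InFile $_.FullName -OutFile $out) {
            "Restored $out"
        } else {
            Write-Warning "Could not decrypt (assumptions may not hold): $($_.FullName)"
        }
    }
```

The script never deletes or overwrites the .crypted input, so a failed attempt leaves the evidence intact; verify a restored file opens correctly before trusting the rest.
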
  3. Trim

    Trim MTAC Moderator Staff Member

    Interesting new ransomware, thank you @silversurfer for posting and thanks to the MTAC team for testing it! :)
     
    revC0de, Ultimo, Der.Reisende and 2 others like this.
