Monday, December 23, 2024

RanHassan Ransomware Decryptor Now Available

A new decryptor for the RanHassan ransomware is now available for download. First isolated in May 2022, this family of ransomware seems to primarily target victims in India and Arab-speaking countries.

The tell-tale signs of a RanHassan infection are the presence of ransom notes called ATENTION...ATENTION...ATENTION...ATENTION...ATENTION....hta  referencing [dc.dcrypt@tutanota.com](mailto:dc.dcrypt@tutanota.com) and [dc.dcrypt@mailfence.com](mailto:dc.dcrypt@mailfence.com).

How to decrypt ransomed files

Step 1: Download the decryption tool below and save it on the infected device:

https://download.bitdefender.com/am/malware_removal/BDRanHassanDecryptTool.exe

Step 2: Run the tool and accept the End User License Agreement.

Step 3: Select a folder to scan for encrypted files or let the tool find all files on the system. In order for the tool to identify the correct keys, you need at least one encrypted file and its unencrypted version.

Step 4: Start the decryption process and let the tool run until all files are decrypted.

Silent execution (via cmdline)

The tool can also be executed silently via a command line. If you need to automate the deployment of the tool inside a large network, you might want to use this feature.

•  -help –  will provide information on how to run the tool silently (this information will be written in the log file, not on console)

•  start  –  this argument allows the tool to run silently (no GUI)

•  -scan-path  –  this argument specifies the path containing encrypted files

•  -full-scan  –  will enable the Scan entire system option (ignoring -scan-path argument)

•  -disable-backup  –  will disable the file Backup option

•  -replace-existing  –  will enable the Replace previously decrypted files option

Recommended:  Malware Spotted on the Google Play Store Steals Banking Credentials & Intercepts SMS Messages

•  -test-path – specifies a folder containing pairs of clean-encrypted files

Examples:

  • BDRanHassanDecryptTool.exe start -scan-path:C:\  -> the tool will start with no GUI and scan C:\
  • BDRanHassanDecryptTool.exe start -full-scan  -> the tool will start with no GUI and scan the entire system
  • BDRanHassanDecryptTool.exe start -full-scan -replace-existing  -> the tool will scan the entire system and overwrite present clean files

Acknowledgement

This product includes software developed by the OpenSSL Project, for use in the OpenSSL Toolkit (http://www.openssl.org/)

K7Security Labs have published a technical analysis of the RanHassan (DCDcrypt) here.

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

source

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Just your average information security researcher from Delaware US.
Latest posts by RiSec.Mitch (see all)
Recommended:  Threat Actors Are Actively Exploiting CVE-2022-1388 RCE in F5 BIG-IP
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security