Master decryption keys got leaked by a malware developer

March 3, 2022

An alleged malware developer has released master decryption keys for several ransomware families, including Egregor, Maze, and Sekhmet.

These decryption keys were revealed in a public forum by a user named Topleak, who claimed to be a developer for all of the ransomware groups mentioned above. The forum post also stated that the team members of the affected groups have destroyed their source code and do not plan to return to the ransomware community.

The post also includes a download link for a file with four archives, including three decryption keys and the M0yv malware source code utilised by the ransomware gangs. Each of the archives includes the private master decryption key and the public encryption key associated with a specific advert or affiliate of the ransomware campaign.

Moreover, the poster on the public forum stated that the incident was a planned leak. The alleged developer claimed that the release of the master decryption keys was not related to any law enforcement authorities.

The leakage of the keys paved the way for the arrests of ransomware partners and the confiscation of many malicious servers. Researchers studied the leaked keys and confirmed their authenticity.

Based on the detailed report, the Maze ransomware has nine master keys for the original payload that victimised non-corporate users and 30 master decryption keys for separate victims.

On the other hand, Egregor has 19 leaked master decryption keys, while Sekhmet has one master key that covers all encrypted files.

The recent leak of master keys for high-profile ransomware groups is a huge step for cybersecurity solutions and for the victims waiting to recover their stolen files.

The release of these keys may also help in creating decryptor tools. However, cybersecurity experts still think that the leak may only be a decoy, since threat actors are always preparing new malware versions.
